- It is also open-sourcing variant analysis software CodeQL
- Github has also opened Arctic Code Vault to store and preserve open source software like Flutter and TensorFlow
Github has launched a Security Lab to protect open source code projects. It plans to bring together security researchers from partner organizations like Google, Microsoft, Mozilla, Oracle, Uber and HackerOne with this security lab.
Github is open-sourcing variant analysis software, CodeQL from Semmle to power the security lab. It acquired Semmle in September this year. GitHub claims it has used CodeQL code analysis to find over 100 vulnerabilities in open source projects. Github also launched Security Advisories to work with maintainers in a private space and give security research a way to apply for Common Vulnerabilities and Exposures (CVE).
Arctic Code Vault
Github has also opened the Arctic Code Vault to store and preserve open source software like Flutter and TensorFlow. The code for all open source projects will be stored in the vault on films with frames that include 8.8 million pixels each which will last for 1,000 years claims Github.
The code will be kept in a decommissioned coal mine in Svalbard, Norway.The Arctic Code Vault will be extended to all public repositories in February next year as per the report.