GitHub today launched the GitHub Security Lab, an ongoing effort to protect open source code projects.
The GitHub Security Lab is aimed at bringing together security researchers from partner organizations like Google, Microsoft, Mozilla, Oracle, Uber, and HackerOne.
Many open source projects form the underlying infrastructure of modern software: programming languages like Ruby and Python, machine learning frameworks like TensorFlow, Kubernetes for containerless apps, and Microsoft’s Visual Studio Code, the most popular open source repository on GitHub.
To power the GitHub Security Lab, GitHub is open-sourcing CodeQL, variant analysis software from Semmle, a company it acquired in September to help GitHub better spot exploits in code.
Semmle security software is used by companies like Google, Microsoft, and NASA.
GitHub says it’s used the CodeQL semantic code analysis engine to find more than 100 vulnerabilities in popular open source projects with custom queries.