GitHub and Entry have introduced an AI‑powered Code Scanning Autofix that automatically detects, prioritizes, and repairs security flaws in JavaScript, TypeScript, Java, and Python code, dramatically speeding up vulnerability remediation for private repositories.
This article explains what static code scanning is, why PHP projects especially need it due to weak typing, runtime compilation and dependency complexity, compares popular tools like PHPStan, PHPSA and Phan, and shows how to integrate scanning into a release workflow.
This article introduces five essential Visual Studio Code extensions—1Password, Decompiler, Cloak, ESLint, and Snyk—that help developers securely manage secrets, decompile binaries, hide sensitive values, enforce safe coding standards, and automatically scan for vulnerabilities within the editor.
This article describes how Industrial and Commercial Bank of China tackled rising software vulnerabilities by establishing a unified code‑scanning center, integrating static, supply‑chain, and dynamic analysis tools, standardizing rules, and delivering one‑stop services that have scanned over 3.1 billion lines of code across the bank.
The article details how China Construction Bank's software development center enhanced code quality and accelerated delivery by integrating unit testing, test‑driven development, mutation testing, automated test code generation, code‑style scanning, and shared template mechanisms within a mature DevOps pipeline.
This article explains what Synopsys Polaris is, lists the programming languages it supports, describes how to access the SaaS platform, install the CLI, configure the polaris.yml file with capture and analysis settings, and run scans to obtain detailed vulnerability reports.
This guide explains how to set up SonarQube and Sonar‑scanner for static code analysis, run the scanner with project parameters, install the Sonar‑GitLab plugin, configure commit‑status integration, and use the resulting GitLab commit status to enforce merge‑request policies based on pipeline outcomes.
This guide explains how to install SonarQube and Sonar‑scanner, configure scanning parameters, add the Sonar‑GitLab plugin, and use additional properties to link scan results to GitLab commit statuses, enabling pipeline‑based merge request control.
This article introduces static code analysis, outlines its advantages and disadvantages, presents eight typical scanning rule categories, and demonstrates common pitfalls such as null‑pointer dereferences, logic errors, uninitialized variables, and potential overflow issues with concrete code examples.
Facebook’s open‑source Pysa tool statically scans Python code to detect data‑flow vulnerabilities, XSS and SQL‑injection risks, leveraging Pyre and Zoncolan techniques, achieving rapid analysis of millions of lines and uncovering 44% of Instagram’s security flaws in early 2020.
This week’s WecTeam frontend roundup covers Meituan’s Flutter dynamic system (Flap) that unifies DSL and runtime for faster releases, the official launch of ES2020 (ES11) adding ten new JavaScript features, and a low‑cost AST‑based code‑scanning technique for detecting financial‑loss risks in source code.
This weekly tech roundup explains how JavaScript sandboxes isolate code, details a low‑cost AST‑based code‑scanning approach, compares Vue, React and Angular, and shows how domain‑driven design and CSS variables can streamline modern front‑end development.
This article explains how the Taobao front‑end team leveraged Abstract Syntax Tree (AST) analysis with Babel to automatically detect risky code patterns—such as default price assignments, improper calculations, and hard‑coded promotional messages—during the 618 promotion, thereby preventing financial loss and public backlash.
This article examines common pitfalls in software development—such as confusing task volume with real demand, over‑emphasising resource utilization, and relying on batch releases—and offers practical guidance on demand‑driven collaboration, flow efficiency, cross‑functional teams, automated testing, and continuous delivery to create higher‑value outcomes.
The article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques, outlines the system architecture and incremental indexing pipeline, and shows how these practices can substantially raise overall product quality.
