Learn core concepts for GitHub's code scanning features.
You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
Generate a free code security risk assessment to understand your organization's exposure to vulnerabilities.
Copilot Autofix provides targeted recommendations to help you fix code scanning alerts and avoid introducing new security vulnerabilities.
Depending on your needs, GitHub offers a default or advanced setup for code scanning.
You can perform code scanning externally and then display the results in GitHub, or configure webhooks that listen to code scanning activity in your repository.
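The webhook path above only works safely if the receiver checks that each delivery really came from GitHub before acting on it. The following Python is an added example, not GitHub's own code: it assumes GitHub's documented `X-Hub-Signature-256` header (an HMAC-SHA256 of the raw request body, hex-encoded and prefixed with `sha256=`) and the `code_scanning_alert` event name; the secret, headers and payload are constructed for illustration and are not real deliveries.

```python
"""Verify a GitHub webhook delivery before acting on a code scanning event.

Added example, not GitHub's own code. Assumes the documented
X-Hub-Signature-256 scheme (HMAC-SHA256 over the raw body, hex digest
prefixed "sha256=") and the code_scanning_alert event. The secret and the
sample delivery below are constructed for illustration.
"""
import hashlib
import hmac
import json


def sign(secret: bytes, body: bytes) -> str:
    """Compute the signature GitHub would send for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value) -> bool:
    """Constant-time comparison of the delivered signature against ours."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(sign(secret, body), header_value)


def handle_code_scanning_alert(secret: bytes, headers: dict, body: bytes):
    """Return a one-line summary of an accepted event, or None if rejected.

    Rejects deliveries that are not code_scanning_alert events and any body
    whose signature does not verify (tampered, replayed with edits, or sent
    without the shared secret). Parse the JSON only after the check passes.
    """
    if headers.get("X-GitHub-Event") != "code_scanning_alert":
        return None
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return None
    event = json.loads(body)
    alert = event["alert"]
    return (f"{event['action']}: alert #{alert['number']} "
            f"({alert['rule']['id']}, {alert['rule']['severity']}) on {event['ref']}")


# Constructed sample delivery (not a real GitHub payload).
WEBHOOK_SECRET = b"constructed-example-secret"
SAMPLE_BODY = json.dumps({
    "action": "created",
    "alert": {
        "number": 7,
        "state": "open",
        "rule": {"id": "py/sql-injection", "severity": "error"},
    },
    "ref": "refs/heads/main",
    "commit_oid": "0" * 40,
}).encode()
SAMPLE_HEADERS = {
    "X-GitHub-Event": "code_scanning_alert",
    "X-Hub-Signature-256": sign(WEBHOOK_SECRET, SAMPLE_BODY),
}


if __name__ == "__main__":
    print(handle_code_scanning_alert(WEBHOOK_SECRET, SAMPLE_HEADERS, SAMPLE_BODY))
```

Sign over the exact bytes you received; re-serialising the parsed JSON changes whitespace and key order and will make a genuine delivery fail verification.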
Uploading a SARIF file produced by a third-party analysis tool displays that tool's results as code scanning alerts on GitHub.
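To show what "external scanning, results displayed in GitHub" means in practice, here is an added Python example (not GitHub's or any scanner vendor's code) that turns findings from an imaginary scanner into a minimal SARIF 2.1.0 log and packages it the way GitHub's `POST /repos/{owner}/{repo}/code-scanning/sarifs` REST endpoint expects (gzip-compressed, then base64-encoded, alongside `commit_sha` and `ref`). The scanner name `acme-scan`, its rule ids and the finding records are constructed for illustration; the SARIF field names follow the public SARIF 2.1.0 schema.

```python
"""Convert third-party findings to SARIF 2.1.0 and package them for upload.

Added example, not GitHub's own code. The input format (a list of dicts
from a hypothetical "acme-scan" tool) is invented; the SARIF structure
follows the 2.1.0 schema and the gzip+base64 packaging follows GitHub's
code-scanning SARIF upload API.
"""
import base64
import gzip
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed output of the imaginary scanner. SARIF levels must be one of
# "none", "note", "warning" or "error".
SAMPLE_FINDINGS = [
    {"id": "ACME001", "file": "src/app.py", "line": 42, "col": 5,
     "level": "error", "text": "SQL query built with string formatting"},
    {"id": "ACME007", "file": "src/util.py", "line": 7, "col": 1,
     "level": "warning", "text": "Use of weak hash function md5"},
    {"id": "ACME001", "file": "src/report.py", "line": 19, "col": 9,
     "level": "error", "text": "SQL query built with string formatting"},
]


def findings_to_sarif(findings, tool_name="acme-scan", tool_version="1.0.0"):
    """Build one SARIF run: every result names a rule declared in the driver
    and points at a file path relative to the repository root."""
    rules = {}
    results = []
    for f in findings:
        rules.setdefault(f["id"], {
            "id": f["id"],
            "shortDescription": {"text": f["text"]},
            "defaultConfiguration": {"level": f["level"]},
        })
        results.append({
            "ruleId": f["id"],
            "level": f["level"],
            "message": {"text": f["text"]},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": f["file"]},
                    "region": {"startLine": f["line"], "startColumn": f["col"]},
                }
            }],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                 "rules": list(rules.values())}},
            "results": results,
        }],
    }


def pack_for_upload(sarif):
    """The upload API takes the SARIF JSON gzip-compressed and base64-encoded."""
    raw = json.dumps(sarif, separators=(",", ":")).encode()
    return base64.b64encode(gzip.compress(raw)).decode()


def unpack(sarif_b64):
    """Inverse of pack_for_upload, useful for checking a payload before sending."""
    return json.loads(gzip.decompress(base64.b64decode(sarif_b64)))


def build_upload_body(sarif, commit_sha, ref):
    """Request body for POST /repos/{owner}/{repo}/code-scanning/sarifs."""
    return {"commit_sha": commit_sha, "ref": ref, "sarif": pack_for_upload(sarif)}


if __name__ == "__main__":
    body = build_upload_body(findings_to_sarif(SAMPLE_FINDINGS), "0" * 40, "refs/heads/main")
    print(json.dumps(body, indent=2)[:400])
```

In a GitHub Actions workflow the same file can instead be handed to the `github/codeql-action/upload-sarif` action, which does the packaging and authentication for you; the manual API route is what you need when the scan runs outside Actions.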
Connect security findings to your team's workflow by linking code scanning alerts to issues for tracking and collaboration.
Code scanning merge protection rules block a pull request from being merged while it has code scanning alerts at or above a severity you choose.
Multi-repository variant analysis (MRVA) lets you test a CodeQL query in Visual Studio Code by running it against a large number of repositories at once.
Understand the core concepts behind CodeQL and how it helps you find vulnerabilities and errors in your code.
The tool status page provides visibility into the health and performance of code scanning tools in your repository.
Understand CodeQL's performance in pull requests across your organizations.
You can use repository properties to adjust code scanning to suit your needs.