Managing code scanning alerts
Learn how to triage, track, and resolve code scanning alerts.
Who can use this feature?
Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."
About code scanning alerts
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
About autofix for CodeQL code scanning
Learn how GitHub uses AI to suggest potential fixes for code scanning alerts found by CodeQL in your pull request.
Managing code scanning alerts for your repository
From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.
Triaging code scanning alerts in pull requests
When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.
Tracking code scanning alerts in issues using task lists
You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.