Finding security vulnerabilities and errors in your code with code scanning
Keep your code secure by using code scanning to identify and fix potential security vulnerabilities and other errors in your code.
Who can use this feature?
Code scanning is available for the following repository types:
- Public repositories on GitHub.com
- Organization-owned repositories on GitHub Team with GitHub Code Security enabled

- Introduction to code scanning
- Enabling code scanning
- Creating an advanced setup for code scanning
- Managing code scanning alerts
- About code scanning alerts
- Responsible use of Copilot Autofix for code scanning
- Disabling Copilot Autofix for code scanning
- Assessing code scanning alerts for your repository
- Resolving code scanning alerts
- Best practices for participating in a security campaign
- Fixing alerts in a security campaign
- Triaging code scanning alerts in pull requests
- Managing your code scanning configuration
- About the tool status page for code scanning
- Editing your configuration of default setup
- Set code scanning merge protection
- Enabling delegated alert dismissal for code scanning
- CodeQL query suites
- Configuring larger runners for default setup
- Viewing code scanning logs
- Actions queries for CodeQL analysis
- C and C++ queries for CodeQL analysis
- C# queries for CodeQL analysis
- GitHub Actions queries for CodeQL analysis
- Go queries for CodeQL analysis
- Java and Kotlin queries for CodeQL analysis
- JavaScript and TypeScript queries for CodeQL analysis
- Python queries for CodeQL analysis
- Ruby queries for CodeQL analysis
- Rust queries for CodeQL analysis
- Swift queries for CodeQL analysis
- Integrating with code scanning
- Troubleshooting code scanning
- Error: "GitHub Code Security or GitHub Advanced Security must be enabled for this repository to use code scanning"
- Alerts found in generated code
- Code scanning analysis takes too long
- Automatic build failed for a compiled language
- C# compiler unexpectedly failing
- Cannot enable CodeQL in a private repository
- Enabling default setup takes too long
- Extraction errors in the database
- CodeQL scanned fewer lines than expected
- Logs are not detailed enough
- Error: "No source code was seen during the build"
- Error: "is not a .ql file, .qls file, a directory, or a query pack specification"
- Error: "Out of disk" or Error: "Out of memory"
- Error: 403 "Resource not accessible by integration"
- Results are different than expected
- Error: "Server error"
- Some languages were not analyzed with CodeQL advanced setup
- Two CodeQL workflows
- Unclear what triggered a workflow run
- Warning: "1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary"
- Warning: Detected X Kotlin files in your project that could not be processed without a build
- Troubleshooting SARIF uploads