Skip to main content

Managing code scanning alerts

Learn how to triage, track, and resolve code scanning alerts.

Who can use this feature?

Code scanning is available for all public repositories on Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About code scanning alerts

Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.

About autofix for CodeQL code scanning

Learn how GitHub uses AI to suggest potential fixes for code scanning alerts found by CodeQL.

Managing code scanning alerts for your repository

From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.

Triaging code scanning alerts in pull requests

When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.

Tracking code scanning alerts in issues using task lists

You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.