Managing code scanning alerts

Learn how to triage, track, and resolve code scanning alerts.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. To use code scanning in a private repository owned by an organization, you must have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About code scanning alerts

Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.

About autofix for CodeQL code scanning

Learn how GitHub uses AI to suggest potential fixes for code scanning alerts found by CodeQL in your pull request.

Disabling autofix for code scanning

You can choose to disallow code scanning autofix for an enterprise or disable autofix at the organization and repository level.

Managing code scanning alerts for your repository

From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.

Triaging code scanning alerts in pull requests

When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.

Tracking code scanning alerts in issues using task lists

You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.