Configuring code scanning
You can configure code scanning for a repository to find security vulnerabilities in your code.
Configuring secret scanning for your repositories
You can configure how GitHub scans your repositories for leaked secrets and generates alerts.
Uploading a SARIF file to GitHub
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
Using code scanning with your existing CI system
You can analyze your code with the CodeQL CLI or another tool in a third-party continuous integration system and upload the results to your enterprise. The resulting code scanning alerts are shown alongside any alerts generated within GitHub AE.