GitHub AE is currently under limited release. Please contact our Sales Team to find out more.

GitHub AE

English

English
简体中文 (Simplified Chinese)
日本語 (Japanese)
Español (Spanish)
Português do Brasil (Portuguese)

Finding security vulnerabilities and errors in your code with code scanning

Keep your code secure by using code scanning to identify and fix potential security vulnerabilities and other errors in your code.

Code scanning is available as part of GitHub Advanced Security, which is free during the beta release. For more information, see "About GitHub Advanced Security."

Automatically scanning your code for vulnerabilities and errors

About code scanning
Triaging code scanning alerts in pull requests
Setting up code scanning for a repository
Managing code scanning alerts for your repository
Configuring code scanning
About code scanning with CodeQL
Recommended hardware resources for running CodeQL
Configuring the CodeQL workflow for compiled languages
Troubleshooting the CodeQL workflow
Running CodeQL code scanning in a container
Viewing code scanning logs

Integrating with code scanning

About integration with code scanning
Uploading a SARIF file to GitHub
SARIF support for code scanning

Using CodeQL code scanning with your existing CI system

About CodeQL code scanning in your CI system
Installing CodeQL CLI in your CI system
Configuring CodeQL CLI in your CI system
Running CodeQL runner in your CI system
Configuring CodeQL runner in your CI system
Troubleshooting CodeQL runner in your CI system
Migrating from the CodeQL runner to CodeQL CLI

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community

Contact support

Finding security vulnerabilities and errors in your code with code scanning

Did this doc help you?

Help us make these docs great!

Still need help?