Enabling code scanning

You can enable code scanning for your project's repository.

People with write permissions to a repository can enable code scanning for the repository.

Note: Code scanning is currently in beta and subject to change. To request access to the beta, join the waitlist.

Enabling code scanning

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Security.
  3. To the right of "Code scanning", click Set up code scanning.
  4. Under "Get started with code scanning", click Set up this workflow.
  5. Optionally, to customize how code scanning scans your code, edit the workflow. For more information, see "Configuring code scanning."
  6. Use the Start commit drop-down, and type a commit message.
  7. Choose whether you'd like to commit directly to the default branch, or create a new branch and start a pull request.
  8. Click Commit new file or Propose new file.

After you commit the workflow file or create a pull request, code scanning will analyze your code according to the frequency you specified in your workflow file. If you created a pull request, code scanning will only analyze the code on the pull request's topic branch until you merge the pull request into the default branch of the repository.
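
The following workflow file is an added example, not the starter workflow GitHub generates and not part of the original article. It shows how the triggers in the workflow file set the analysis frequency. It assumes the workflow uses the CodeQL action, a default branch named main, and a JavaScript code base; the file path and cron schedule are constructed values.

```yaml
# Illustrative workflow file (assumed path: .github/workflows/codeql-analysis.yml).
# Names, branch, language, and schedule are example values.
name: "Code scanning"

on:
  push:
    branches: [main]        # analyze every push to the (assumed) default branch
  pull_request:
    branches: [main]        # analyze the topic branch of pull requests targeting main
  schedule:
    - cron: "30 2 * * 1"    # constructed example: every Monday at 02:30 UTC

# Grant the job only what it needs instead of the default token permissions.
permissions:
  contents: read            # check out the repository
  security-events: write    # upload results to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumption: replace with the languages in your repository

      - name: Run analysis and upload results
        uses: github/codeql-action/analyze@v3
```

With these triggers, a pull request that adds the file is analyzed on its topic branch only; the push and schedule triggers start applying to the default branch once the pull request is merged.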

Next steps

After you enable code scanning, you can monitor analysis, view results, and further customize how you scan your code.
