Automatically scanning your code for vulnerabilities and errors
You can find vulnerabilities and errors in your project's code on GitHub, as well as view, triage, understand, and resolve the related code scanning alerts.
Code scanning is available for all public repositories, and for private repositories owned by organizations where GitHub Advanced Security is enabled. For more information, see "About GitHub Advanced Security."
About code scanning
You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.
Triaging code scanning alerts in pull requests
When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.
Setting up code scanning for a repository
You can set up code scanning by adding a workflow to your repository.
Managing code scanning alerts for your repository
From the security view, you can view, fix, dismiss, or delete alerts for potential vulnerabilities or errors in your project's code.
Configuring code scanning
You can configure how GitHub scans the code in your project for vulnerabilities and errors.
About code scanning with CodeQL
You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.
Configuring the CodeQL workflow for compiled languages
You can configure how GitHub uses the CodeQL Analysis workflow to scan code written in compiled languages for vulnerabilities and errors.
Troubleshooting the CodeQL workflow
If you're having problems with code scanning, you can troubleshoot by using these tips for resolving issues.
Running CodeQL code scanning in a container
You can run code scanning in a container by ensuring that all processes run in the same container.
Viewing code scanning logs
You can view the output generated during code scanning analysis in GitHub.