One year ago, GitHub welcomed Semmle. Now, thanks to the thousands of developers in the community who tested and gave feedback, GitHub code scanning is generally available.
And today we take a first look at it.
Intro
So, what is GitHub Code Scanning?
Code scanning is a feature that you can use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors.
If code scanning finds a potential vulnerability or error in your code, GitHub displays an alert in the repository. After you fix the code that triggered the alert, GitHub closes the alert.
The Video
Let's see how to enable and use it.
Enjoy the watch!
(Link to the video: https://youtu.be/A8SERCUE-i4)
Availability
As a final note, code scanning is free for public repositories.
For private repositories, code scanning is available in GitHub Enterprise through Advanced Security.
Conclusion
What do you think of Code Scanning? I think it is a very cool feature, and I'm already using it in all my repos.
Let me know in the comment section below if you want me to go deeper into this topic and create a longer video about it.