What is GitHub Code Scanning?

Davide 'CoderDave' Benvegnù - Oct 30 '20 - Dev Community

One year ago, GitHub acquired Semmle, the company behind the CodeQL analysis engine. Now, thanks to the thousands of developers in the community who tested the beta and gave feedback, GitHub code scanning is generally available.

And today we take a first look at it.

Intro

So, what is GitHub Code Scanning?

Code scanning is a feature that you can use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors.

Code Scanning

If code scanning finds a potential vulnerability or error in your code, GitHub raises an alert in the repository's Security tab, and annotates the pull request that introduced the finding. After you fix the code that triggered the alert, the next scan no longer reports it and GitHub closes the alert automatically.

The Video

Let's see how to enable and use it.

Enjoy the video!

(Link to the video: https://youtu.be/A8SERCUE-i4)

Availability

As a final note, code scanning is free for public repositories.

For private repositories, instead, code scanning requires a GitHub Advanced Security license, available through GitHub Enterprise. Without it, the workflow can still run on a private repository, but the step that uploads the results will fail and no alerts will appear in the Security tab.

Conclusion

What do you think of Code Scanning? I think it is a very cool feature, and I'm already using it in all my repos.

Let me know in the comment section below if you want me to go deeper into this topic and create a longer video about it.
