Finding security vulnerabilities and errors in your code with code scanning
Keep your code secure by using code scanning to identify and fix potential security vulnerabilities and other errors in your code.
Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."
- Automatically scanning your code for vulnerabilities and errors
- About code scanning
- About code scanning alerts
- Triaging code scanning alerts in pull requests
- Configuring code scanning for a repository
- About the tool status page for code scanning
- Managing code scanning alerts for your repository
- Tracking code scanning alerts in issues using task lists
- Customizing code scanning
- About code scanning with CodeQL
- Recommended hardware resources for running CodeQL
- Built-in CodeQL query suites
- Configuring the CodeQL workflow for compiled languages
- Configuring code scanning at scale using CodeQL
- Running CodeQL code scanning in a container
- Viewing code scanning logs
- Integrating with code scanning
- Using CodeQL code scanning with your existing CI system
- About CodeQL code scanning in your CI system
- Installing CodeQL CLI in your CI system
- Configuring CodeQL CLI in your CI system
- Migrating from the CodeQL runner to CodeQL CLI
- Troubleshooting code scanning
- A particular language is causing default setup to fail
- Error: "Advanced Security must be enabled for this repository to use code scanning"
- Alerts found in generated code
- Automatic build failed for a compiled language
- Code scanning analysis takes too long
- CodeQL scanned fewer lines than expected
- Enabling default setup takes too long
- Extraction errors in the database
- Logs are not detailed enough
- Error: "No source code was seen during the build" or "The process '/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/codeql' failed with exit code 32"
- Error: "is not a .ql file, .qls file, a directory, or a query pack specification"
- Error: "Out of disk" or Error: "Out of memory"
- Error: 403 "Resource not accessible by integration"
- Results are different than expected
- Results differ between platforms
- Error: "Server error"
- Two CodeQL workflows
- Unclear what triggered a workflow run
- Warning: "1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary"