Skip to content

The next step for GitHub code scanning!

Today, GitHub code scanning has all of’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of

Screenshot of the legacy view of

Three years ago, the team that built joined GitHub. From that moment on, we have worked tirelessly to natively integrate its underlying CodeQL analysis technology into GitHub. In 2020, GitHub code scanning was launched in public beta, and later that year it became generally available for everyone. GitHub code scanning is powered by the very same analysis engine: CodeQL.

We’ve since continued to invest in CodeQL and GitHub code scanning. Today, GitHub code scanning has all of’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of

End of August 2022: no more user sign-ups and new repositories

Starting at the end of August, will no longer accept new user sign-ups. It will also no longer be possible to add new repositories for analysis to Existing users will continue to be able to log in and use, and the analysis of existing repositories will continue to work. However, historical analysis will no longer be performed–only new commits will be analyzed.

October: help migrate repositories to GitHub code scanning

We will do our best to help migrate repositories that actively use to flag potential security issues in their pull requests. For those repositories, we will create pull requests that add a GitHub Actions workflow that runs code scanning. Once that configuration file is merged, the repository’s source code (and future pull requests) will be scanned by GitHub code scanning. GitHub code scanning will flag any potential security issues in pull requests and on the repository’s security tab. Once that’s all working as it should, you can disable the integration.

Some repositories make use of advanced build and analysis configurations. In such cases, we might not be able to automatically propose a GitHub Actions workflow to set up code scanning. We will notify such repositories directly.

End of November: new commits and pull requests are no longer analyzed

At the end of November, will stop fetching new commits for the repositories that it analyzes. It will also stop analyzing pull requests on Repositories that still use’s pull request analysis in the week(s) leading up to this deprecation phase will be reminded through a message in the pull request comments that are posted by

16th of December: will be shut down

From the 16th of December, will no longer be available. This includes but is not limited to:

So long and thanks for all the fish!

On behalf of the entire team, we’d like to thank you all for joining us on this wonderful journey. From launching back in 2017, all the way through GitHub’s acquisition of Semmle in 2019, the subsequent launch of GitHub code scanning, and all the improvements we’ve since shipped: it’s been an absolutely amazing journey. Thank you!


How do I get started with GitHub code scanning?

GitHub is committed to helping build safer and more secure software without compromising on the developer experience. To learn more or enable GitHub’s security features in repositories, like code scanning or Dependabot, check out the getting started guide.

I love the query console—can I continue to use it?

If you are an active user of the query console and are not yet part of our beta program to test this functionality on GitHub, please leave us a note here.

Where can I ask questions or leave feedback?

Please join our GitHub Discussion on this topic here!

How can I download data from before it goes offline?

Please take a look at the large number of APIs that are available on

Explore more from GitHub



The latest on GitHub, from GitHub.
The ReadME Project

The ReadME Project

Stories and voices from the developer community.
GitHub Actions

GitHub Actions

Native CI/CD alongside code hosted in GitHub.
Work at GitHub!

Work at GitHub!

Check out our current job openings.