At GitHub Satellite, we announced code scanning, part of GitHub Advanced Security. Code scanning is a developer-first static application security testing (SAST) product that is built into GitHub. Once configured, it scans every code change in your repository for security vulnerabilities, and flags them in the developer workflow. This makes it easy to find security vulnerabilities in your code before they ever reach production. Code scanning is powered by the revolutionary CodeQL analysis engine, with queries written and open sourced by leading security researchers.
Code scanning is in limited public beta for open source repositories and Enterprise Cloud customers. This feature is free for public repositories and part of GitHub Advanced Security for GitHub Enterprise customers.