Code scanning is generally available

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Today we're excited to announce that code scanning is generally available on GitHub.com.

  • Code scanning is free for public repositories. Learn more about how to enable code scanning today.
  • For private repositories, code scanning is available to GitHub Enterprise through Advanced Security. Contact Sales to learn more.
  • For those interested in helping to secure the open source ecosystem, we also invite you to contribute to the growing list of CodeQL queries and become part of our growing security community.
  • Read the full blog post.

You can now run CodeQL analysis in any CI/CD setup and upload the results to GitHub code scanning.

Previously, the code scanning beta required users to run their CodeQL analysis using GitHub Actions. Now, for organizations who wish to adopt code scanning without using Actions, we have released the new CodeQL runner. The runner makes it easy to run CodeQL analysis from any CI/CD system and upload the results to GitHub for display as code scanning alerts.

Learn more about running code scanning in your CI system

See more