Skip to content

Discover code scanning partner integrations on the GitHub Actions tab

GitHub code scanning supports a wide variety of code analysis engines through GitHub Actions workflows — including our own CodeQL engine. Users can now discover and configure Actions workflow templates for partner integrations straight from their repository's "Actions" tab under a category called "Security". Workflows are recommended based on the repository's content: we will suggest analysis engines that are compatible with the source code in your repository.

Configure workflow

Code scanning and our own CodeQL analysis engine are freely available for public repositories. Analysis engines and services provided by partners might require a subscription. You can also configure code scanning for organization-owned private repositories where GitHub Advanced Security is enabled.

Learn more about code scanning workflows on GitHub Actions tab.

Mentions support for the GitHub app in Microsoft Teams and Slack

Are you using our GitHub app in Microsoft Teams or Slack? Do you find it difficult to track all the notifications you get in your channels?
If yes, here comes a feature that helps you focus on the notifications that are relevant to you! 🎉

Teams PR mentions
Slack PR mentions

When you subscribe to a repository in Microsoft Teams or Slack, you will now see yourself mentioned in the notifications where you are referred and needs your attention.
As you receive notifications for Issues, PRs, Discussions and Deployments, here are the cases when you will be mentioned.

  • Assignee in an Issue
  • Reviewer for a PR
  • Mentioned in a PR/Issue description/comment/discussion
  • Reviewer for a Deployment
  • Scheduled reminders for PR review requests

See GitHub for Microsoft Teams or GitHub for Slack for more information about this feature.

See more

CODEOWNERS improvements (syntax errors, preview of who will be requested, and more)

A CODEOWNERS file defines the users or teams responsible for different parts of your repository, and helps ensure the right people are included in pull request reviews. We've shipped some improvements that make it easier to work with CODEOWNERS!

Surfacing syntax errors

Syntax errors are now surfaced when viewing a CODEOWNERS file from the web. Previously, when a line in a CODEOWNERS file had a syntax error, it would be ignored or in some cases cause the entire CODEOWNERS file to not load.

Screenshot of a CODEOWNERS file with errors

GitHub Apps and Actions can access the same list of errors using new REST and GraphQL APIs.

See which CODEOWNERS will be requested for review

When creating a new pull request or after pushing new changes to a draft pull request, any CODEOWNERS that will be requested for review are now listed:

Screenshot of pending reviewers on a draft PR

This gives you an early look at who will be requested to review once the pull request is marked ready for review.

Comment on the same line

Comments in CODEOWNERS files can now appear at the end of a line, not just on their own line:

*.js    @js-owner       # All JavaSript files

Learn more about CODEOWNERS files.

See more
View all changes