Skip to content

Code scanning can be set up more easily without committing a workflow file to the repository

Code scanning can now be easily setup with a few button clicks, and without committing a workflow file to the repository.

Code scanning's new default setup feature automatically finds and sets up the best CodeQL configuration for your repository. This will detect the languages in the repository and enable CodeQL analysis for every pull request and every push to the default branch and any protected branches. Default setup currently supports analysis of JavaScript (including TypeScript), Python, and Ruby code. More languages will be supported soon, and all other languages supported by CodeQL continue to work using a GitHub Actions workflow file.

The new default setup feature is available for CodeQL on repositories that use GitHub Actions. You can use default setup on your repository's "Settings" tab under "Code security and analysis" (accessible by repository admins and security managers).

Screenshot of code scanning's new _default setup_

The options to set up code scanning using an Actions workflow file or through API upload from 3rd party CI/CD systems remain supported and are unchanged. This more advanced setup method can be useful if you need to alter the default configuration, for example to include custom query packs. Default setup configurations can also be converted to advanced setups if your analysis requirements change.

Default setup is currently available at the repository level. We are actively working on future features at the organization level so you can easily set up code scanning at scale across large numbers of repositories.

This has shipped to and will be available in GitHub Enterprise Server 3.9. To learn more, read the documentation on setting up code scanning for a repository.

GitHub Advanced Security customers can view an event in their organization or enterprise audit log when an admin enables or disables push protection for a custom pattern at the repository, organization, or enterprise level.

See more

New year, new features and improvements! 🎆 We're making URLs in Projects more powerful with direct links to the project READMEs, project item side-panel, and adding items from repository pane.

📖 Access Project READMEs by URL

Project READMEs have been around for a while but in many of our customer calls, we found that you struggled to find them. With our latest release, we've added the ability for you to directly reference and share the README pane by URL.

With the README open, copy the URL in your address bar and share wherever it's needed. We suggest using this as the primary link when sharing a project because it drops your teammates directly into a view that provides valuable information about the project.

You can link to an issue in a repository and you can link to a project, but now you also have the ability to deep link to a specific issue in the project to open it in the item side-panel. Share context more quickly by directly sharing your view – project and opened item – with just one URL.

You can also deep link to the Add item from repository pane as an additional shortcut to make it even easier to bulk add items.

✨ Bug fixes and improvements

  • Ability to delete all items from a board column with improved menu options
  • Improved wildcard filtering
  • Ability to specify the project title from the project template dialog
  • Included @today in date suggestions
  • Fixed overflowing text in board item field pills
  • Added Closed label to a closed project
  • Updated aria label for removing a single select field value
  • Corrected positioning when dragging board columns to the right
  • Fixed empty field values in the item side-panel when there is data
  • Ability to filter by item number in the board layout
  • Added a fix to disable workflows when a project is closed

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more