GitHub now allows developers to scan their code for security issues before they escalate.

GitHub now allows developers to turn on code scanning for a repository through a new “default setup” that needs no workflow file, hopefully helping them spot security issues before they escalate.

GitHub’s code scanning is powered by its CodeQL engine, and while CodeQL itself supports a wide variety of languages, so far the default setup is only available for Python, JavaScript, and Ruby. That should change soon, said GitHub’s Walker Chabbott, as the company plans to extend the default setup to additional languages by summer.
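As an added illustration (this is not code from the article or from GitHub), here is the kind of issue code scanning is meant to catch before it ships: a Python function that splices user input into a SQL string, which is the pattern CodeQL’s Python SQL injection query (py/sql-injection) reports, next to the parameterised form that passes clean. The in-memory SQLite table and the attacker payload are constructed here so the example runs offline.

```python
import sqlite3

# Constructed sample schema and rows so the example runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # User-controlled text is interpolated straight into the SQL statement.
    # This is the pattern CodeQL's py/sql-injection query flags.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the driver passes `name` as data, never as SQL,
    # so the same payload simply matches no row.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Constructed attacker input: closes the string literal and appends a tautology.
PAYLOAD = "x' OR '1'='1"

def demo() -> tuple:
    # Returns (rows leaked by the vulnerable query, rows returned by the safe one).
    conn = make_db()
    leaked = find_user_vulnerable(conn, PAYLOAD)   # every row in the table
    safe = find_user_safe(conn, PAYLOAD)           # no rows
    return len(leaked), len(safe)

if __name__ == "__main__":
    print(demo())
```

Running this shows the interpolated query handing back all three users for a name that matches none of them, while the parameterised version returns nothing; the former is exactly the finding a default-setup scan would raise as a code scanning alert on a Python repository.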

Automatically scanning your code for vulnerabilities and errors

You can find vulnerabilities and errors in your project’s code on GitHub, as well as view, triage, understand, and resolve the related code scanning alerts.

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see “About GitHub Advanced Security.”

https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors