Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

GHAS Code Scanning

Write safer code from day one with end-to-end security. GitHub helps you address vulnerabilities earlier and ship secure applications with GitHub Advanced Security Code Scanning.

If your project uses any of the following languages then you can benefit from code scanning!

  • C/C++
  • C#
  • Go
  • Java
  • JavaScript/TypeScript
  • Python

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

You can use code scanning to find, triage, and prioritize fixes for existing problems in your code. Code scanning also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.

If code scanning finds a potential vulnerability or error in your code, GitHub displays an alert in the repository. After you fix the code that triggered the alert, GitHub closes the alert.

Actions to take

  1. Review language compatibility
  2. Enable code scanning on your repository