Managing code scanning alerts
Learn how to triage, track, and resolve code scanning alerts.
Who can use this feature?
Code scanning is available for the following repository types:
- Public repositories on GitHub.com
- Organization-owned repositories on GitHub Enterprise Cloud with GitHub Advanced Security enabled
About code scanning alerts
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
Responsible use of Copilot Autofix for code scanning
Learn how GitHub uses AI to suggest potential fixes for code scanning alerts and find out how best to mitigate limitations in the AI suggestions.
Disabling Copilot Autofix for code scanning
You can choose to disallow GitHub Copilot Autofix for an enterprise or disable GitHub Copilot Autofix at the organization and repository level.
Assessing code scanning alerts for your repository
From the security view, you can explore and evaluate alerts for potential vulnerabilities or errors in your project's code.
Resolving code scanning alerts
From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.
Triaging code scanning alerts in pull requests
When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.
Tracking code scanning alerts in issues using task lists
You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.