Security News > 2023 > January > GitHub makes it easier to scan your code for vulnerabilities
GitHub has introduced a new option to set up code scanning for a repository known as "Default setup," designed to help developers configure it automatically with just a few clicks.
While the CodeQL code analysis engine, which powers GitHub's code scanning, comes with support for many languages and compilers, the new option only shows up for Python, JavaScript, and Ruby repositories.
The first code scanning beta at GitHub Satellite in May 2020, and its general availability was announced four months later, in September 2020.
During beta testing, the feature was used to scan over 12,000 repositories 1.4 million times to find more than 20,000 security issues, including remote code execution, SQL injection, and cross-site scripting flaws.
Code scanning is free for all public repositories, and it's also available as a GitHub Advanced Security feature for GitHub Enterprise private repositories.
Slack's private GitHub code repositories stolen over holidays.