Managing code scanning alerts

Learn how to triage, track, and resolve code scanning alerts.

Who can use this feature?

Code scanning is available for the following repository types:

  • Public repositories on GitHub.com
  • Organization-owned repositories on GitHub Team, GitHub Enterprise Cloud, or GitHub Enterprise Server, with GitHub Code Security enabled.

Disabling Copilot Autofix for code scanning security alerts

You can block availability of GitHub Copilot Autofix for security alerts for an enterprise or disable GitHub Copilot Autofix at the organization and repository level.

Assessing code scanning alerts for your repository

From the security view, you can explore and evaluate alerts for potential vulnerabilities or errors in your project's code.

Resolving code scanning alerts

From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.

Fixing alerts in a security campaign

Learn how to find and fix alerts in a security campaign.

Triaging code scanning alerts in pull requests

When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.