Code scanning integrates the powerful semantic analysis capabilities of CodeQL into your developer workflow. With code scanning enabled, every git push is scanned for new security concerns and the results are displayed directly in your pull request diffs. We’ve partnered with researchers in the GitHub Security Lab to develop queries that protect you from common coding mistakes like buffer overruns, untrusted data deserialization, and many other vulnerabilities from the OWASP Top 10. In addition, you can develop your own custom queries, and all our default queries are open source.

Secret scanning for private repositories applies to your proprietary code the years of expertise we’ve built scanning public repositories for committed tokens. For every commit made to your repository, and across its full git history, we’ll look for secret formats from secret scanning partners as well as other generic secret types, including SSH keys. Secret scanning can protect you from unauthorized access to the services you use.
