docs/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning.md

title, intro, product, redirect_from, versions, type, topics

title	intro	product	redirect_from	versions	type	topics
About code scanning	You can use {% data variables.product.prodname_code_scanning %} to find security vulnerabilities and errors in the code for your project on {% data variables.product.prodname_dotcom %}.	{% data reusables.gated-features.code-scanning %}	/github/managing-security-vulnerabilities/about-automated-code-scanning /github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning /code-security/secure-coding/about-code-scanning /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning	fpt ghes ghae ghec * * * *	overview	Advanced Security Code scanning

{% data reusables.code-scanning.beta %} {% data reusables.code-scanning.enterprise-enable-code-scanning %}

About {% data variables.product.prodname_code_scanning %}

{% data reusables.code-scanning.about-code-scanning %}

You can use {% data variables.product.prodname_code_scanning %} to find, triage, and prioritize fixes for existing problems in your code. {% data variables.product.prodname_code_scanning_capc %} also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.

If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "Managing {% data variables.product.prodname_code_scanning %} alerts for your repository."

To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see "Webhook events and payloads." For information about API endpoints, see "{% data variables.product.prodname_code_scanning_capc %}."

To get started with {% data variables.product.prodname_code_scanning %}, see "Configuring {% data variables.product.prodname_code_scanning %} for a repository."

{% ifversion fpt or ghec %}

About billing for {% data variables.product.prodname_code_scanning %}

{% data variables.product.prodname_code_scanning_capc %} uses {% data variables.product.prodname_actions %}, and each run of a {% data variables.product.prodname_code_scanning %} workflow consumes minutes for {% data variables.product.prodname_actions %}. For more information, see "About billing for {% data variables.product.prodname_actions %}."

{% endif %}

About tools for {% data variables.product.prodname_code_scanning %}

You can configure {% data variables.product.prodname_code_scanning %} to use the {% data variables.product.prodname_codeql %} product maintained by {% data variables.product.company_short%} or a third-party {% data variables.product.prodname_code_scanning %} tool.

About {% data variables.product.prodname_codeql %} analysis

{% data reusables.code-scanning.about-codeql-analysis %} For more information about {% data variables.product.prodname_codeql %}, see "About code scanning with CodeQL."

About third-party {% data variables.product.prodname_code_scanning %} tools

{% data reusables.code-scanning.interoperable-with-tools-that-output-sarif %}

You can run third-party analysis tools within {% data variables.product.product_name %} using actions or within an external CI system. For more information, see "Configuring {% data variables.product.prodname_code_scanning %} for a repository" or "Uploading a SARIF file to {% data variables.product.prodname_dotcom %}."