Earlier this week, GitHub officially released Code scanning alerts. To get started, visit the repository that you’d like to enable alerts on. In my case, I’m going to get started with the repository I created in yesterday’s post.
Visit the repository’s Security tab and choose Set up code scanning from the Overview page.
Next, you’ll have the option to choose the GitHub CodeQL Analysis or to use an analysis tool from the GitHub Marketplace.
Choosing a tool adds a GitHub Actions workflow to your project:
The workflow runs as soon as you add it, and you can watch the analysis execute:
Finally, once the run completes, revisit the Security tab to see any resulting security alerts.
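For reference, here is an added example of the kind of workflow file the CodeQL setup commits under `.github/workflows/`; it is not copied from the post or from the repository above, and the `v3` action version, the `javascript` language and the `main` branch name are assumptions to adjust for your own repository.

```yaml
# .github/workflows/codeql-analysis.yml (example, not the post's own file)
name: "CodeQL"

on:
  push:
    branches: [ main ]          # assumption: default branch is main
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 4 * * 1'        # weekly run catches newly added queries

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      contents: read            # only read the source
      security-events: write    # required to upload results to the Security tab

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Initializes CodeQL and builds the database for the listed languages
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumption: pick the languages in your repo

      # Autobuild works for most projects; compiled languages may need
      # explicit build steps here instead
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # Runs the queries and uploads SARIF results as code scanning alerts
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
```

The `security-events: write` permission is what lets the analyze step publish findings; without it the run succeeds but no alerts appear on the Security tab.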