Earlier this week, GitHub officially released Code scanning alerts. To get started, visit the repository that you'd like to enable alerts on. In my case, I'm going to get started with the repository I created in yesterday's post.

Visit the repository’s Security tab and choose Set up code scanning from the Overview page.

Enable GitHub Code Scanning Alerts

Next, you’ll have the option to choose the GitHub CodeQL Analysis or to use an analysis tool from the GitHub Marketplace.

Choose GitHub Code Scanning Alerts Tool

Choosing a tool adds a GitHub Actions workflow to your project:

Adding the CodeQL Analysis Tool to your Repository

The workflow runs as soon as you add it, and you can watch the analysis execute as a GitHub Action:

Executing CodeQL

Finally, once the run completes, revisit the Security tab to see any security alerts it produced.

GitHub Code Analysis Scanning Alerts