This version of GitHub Enterprise Server will be discontinued on 2026-04-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.
Find and fix code vulnerabilities
Identify vulnerabilities in your code by configuring and managing code scanning.
Configure code scanning
Configure code scanning for your repositories by choosing between default or advanced setup and customizing advanced settings as needed.
Manage your configuration
Manage and refine your code scanning configuration by monitoring tool status, updating default setup settings, and enforcing protections as your needs evolve.
Scan from the command line
Run code scanning from the command line using the CodeQL CLI to configure scans, customize queries, and troubleshoot results.
Scan from VS Code
Scan and analyze code from Visual Studio Code using CodeQL to write, test, and run queries, explore code structure, and manage databases and packs.
Integrate with existing tools
Integrate code scanning with your existing tools and workflows by running scans in your CI system or uploading results to GitHub using Static Analysis Results Interchange Format (SARIF).