GitHub Code Scanning aims to prevent vulnerabilities in open source software - Help Net Security


GitHub has made available two new security features for open and private repositories: code scanning (as a GitHub-native experience) and secret scanning.



With the former, it aims to prevent vulnerabilities from ever being introduced into software and, ideally, help developers eliminate entire bug classes forever. With the latter, it wants to make sure that developers are not inadvertently leaking secrets (e.g., cloud tokens, passwords, etc.) in their repositories.


Code scanning


The code scanning feature, which can be set up in every GitHub repository from the Security tab, is powered by CodeQL, the semantic code analysis engine that GitHub made available last year.


CodeQL can analyze code written in C, C++, C#, Java, ..
