GitHub Code Scanning Reviews

Name: GitHub Code Scanning
Brand: GitHub
Rating: 4.4 (4 reviews)

4.4 out of 5

4 reviews
100% willing to recommend

What is GitHub Code Scanning?

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

Get the Static Application Security Testing (SAST) Buyer's Guide and find out what your peers are saying about GitHub Code Scanning, SonarQube Server (formerly SonarQube), Veracode and more!

GitHub Code Scanning is the #18 ranked solution in AST tools. PeerSpot users give GitHub Code Scanning an average rating of 8.8 out of 10. GitHub Code Scanning is most commonly compared to SonarQube Server (formerly SonarQube): GitHub Code Scanning vs SonarQube Server (formerly SonarQube). GitHub Code Scanning is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 13% of all views.

Buyer's Guide

Static Application Security Testing (SAST)

April 2025

Get the category report

Helped 850,760 peers since 2012

Featured GitHub Code Scanning reviews

VishalSingh

Consulting & Solutions, BA/BD in Enterprise IT on Open Source, Red Hat & EDB at KEEN AND ABLE COMPUTERS PVT LTD

You can use the tool locally on your system or in the cloud. I rate it a nine out of ten. It's a very good tool for people who want to start using GitHubCode Scanning, especially for software development or team collaboration. GitHubCode Scanning allows teams to collaborate by uploading files to repositories. For example, if someone is developing an application, they can host the code on GitHub Code Scanning. Other developers can then download the code for testing purposes. If bugs are found, fixes can be applied using the GitHub Code Scanningrepository, and everyone on the team can see the changes. Software developers often use GitHub Code Scanning for version control, and it's essential for CI/CD pipelines to work.

Read full review

SekarSadasivam

Senior Engineering Manager at a logistics company with 10,001+ employees

When running code scans, GitHub Code Scanning provides recommendations for probable fixes. However, integrating a feature where developers receive real-time highlights of vulnerabilities when checking in or merging a PR would be beneficial. This would allow developers to address issues before the code gets merged. Adding this capability could ensure developers are alerted to potential vulnerabilities upfront.

Read full review

reviewer2674647

soln architect at a newspaper with 11-50 employees

GitHub ( /products/github-reviews ) Code Spaces brings significant value with its simplicity and ease of use. It eliminates a lot of manual work that typically accompanies custom solutions, making management and maintenance more straightforward. This is crucial, as maintaining custom environments is usually more challenging. Using GitHub ( /products/github-reviews ) Code Spaces offers advantages in setting up the development environment due to its integrated features. The code review automation feature has accelerated our processes around code quality. It helps developers write better code faster and allows for quicker transitions between development stages. All actions, such as scanning, linting, and moving code between stages, have become more agile and efficient.

Read full review

GitHub Code Scanning mindshare

As of May 2025, the mindshare of GitHub Code Scanning in the Static Application Security Testing (SAST) category stands at 1.0%, up from 0.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Key learnings from peers

Last updated May 11, 2025

Valuable Features

GitHub Code Scanning's key features include identifying vulnerabilities through port communication analysis and powerful static code analysis. GitHub Code Spaces enhances setup by simplifying management, easing environment maintenance, and automating code reviews. Code scanning automation accelerates processes like scanning and linting, enabling faster code writing and transitions. GitHub Actions offers extensive options for repository management, including code reviews, Git branching, and repository integrations, ensuring high code quality and efficient development stages.

"The static code analysis capability in GitHub Code Scanning is a very powerful feature, providing the ability to identify vulnerabilities and ensure code quality."
"GitHub Code Spaces brings significant value with its simplicity and ease of use."
"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."

Room for Improvement

"When running code scans, GitHub Code Scanning provides recommendations for probable fixes. However, integrating a feature where developers receive real-time highlights of vulnerabilities when checking in or merging a PR would be beneficial."
"One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may overlook details, such as outdated libraries, which could be highlighted for attention."
"GitHub Code Scanning should add more templates."

Pricing

"The minimum pricing for the tool is five dollars a month."
"GitHub Code Scanning is a moderately priced solution."

Scalability

GitHub Code Scanning exhibits strong scalability, with usage by thousands in various organizations. The scalability is contingent on network size but handles significant usage without issues. Extensive corporate use highlights its robust scaling capabilities. As a cloud-based platform, it manages scaling efficiently without noticeable challenges, adapting seamlessly to demand.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Static Application Security Testing (SAST) Buyer's Guide for additional reliable information.