Data Engineer at a tech services company with 201-500 employees
Real User
Top 20
2025-07-08T08:04:52Z
Jul 8, 2025
My usual use cases of GitHub Code Scanning involve scanning the code and telling me the difference in the lines. It highlights the lines where changes are supposed to happen, and if any additional lines are added or deleted, it would highlight and tell me. It is basically a comparison between the existing code and the new one and highlights those differences, and then it would commit the changes. Once we click commit, the new code gets reflected, and the timeline of that is maintained. The time when new code changes are being reflected can be viewed by everyone in the organization who has access.
Senior Engineering Manager at a logistics company with 10,001+ employees
Real User
Top 20
2025-04-24T14:53:38Z
Apr 24, 2025
We are using GitHub Code Scanning predominantly for static code analysis to identify vulnerabilities, such as OWASP vulnerabilities. Before the code goes into production, as soon as the developer checks in, our static code analysis runs to validate the code. We have compliance metrics to ensure no vulnerabilities or code leaks occur.
soln architect at a newspaper with 11-50 employees
Real User
Top 20
2025-03-13T14:03:39Z
Mar 13, 2025
We were using GitHub Code Scanning for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.
The tool helps to know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.
Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.