Data Engineer at a tech services company with 201-500 employees
Real User
Top 20
2025-07-08T08:04:52Z
Jul 8, 2025
In my opinion, areas of GitHub Code Scanning that could be improved include that a few things are not visible to us, such as where it stores data and which path. There is a separate team for that who handles all the locations, which isn't very transparent. If it gets placed in the wrong place, we would never know. So, more transparency is expected; that is the only small thing I can think of. Additionally, the feature to validate whether the script is valid or not can also be enhanced. Areas of GitHub Code Scanning that could be improved include that everywhere where code deployment is required, we need GitHub.
Senior Engineering Manager at a logistics company with 10,001+ employees
Real User
Top 20
2025-04-24T14:53:38Z
Apr 24, 2025
When running code scans, GitHub Code Scanning provides recommendations for probable fixes. However, integrating a feature where developers receive real-time highlights of vulnerabilities when checking in or merging a PR would be beneficial. This would allow developers to address issues before the code gets merged. Adding this capability could ensure developers are alerted to potential vulnerabilities upfront.
Solution Architect at a newspaper with 11-50 employees
Real User
Top 20
2025-03-13T14:03:39Z
Mar 13, 2025
One area for improvement could be the ability to have an AI system digest the reports generated from code scanning and provide a summary. Currently, the reports can be extensive, and users may overlook details, such as outdated libraries, which could be highlighted for attention.
Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.
GitHub Code Scanning should add more templates.