- GitHub introduced a new code scanning option named Default Setup, which automatically sets up code scanning without using a .yaml file.
- It provides developers with insights to help them find and fix vulnerabilities quickly without disrupting their workflow.
Streamline code scanning setup
Users who enable the feature immediately start getting insights from code scanning, enabling them to find and fix vulnerabilities. To enable it, users can navigate to “Code security and analysis” under the “Security” heading in the “Settings” tab of the repository. The new feature can be activated from the new code scanning setup toolbox.
The “Set up” button presents two options: “Default,” which automatically sets up code scanning without a .yaml file, and “Advanced,” which allows users to customize their code scanning setup with a .yaml file. The “Default” option is grayed out for repositories that do not support the default setup.
When the “Default” option is clicked, it provides a tailored configuration summary based on the contents of the repository, including the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. These options will be customizable in the future. When “Enable CodeQL” is clicked, code scanning runs automatically.
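For comparison with the no-file Default setup, the following is an added example (not taken from the article or from GitHub's generated template) of the kind of workflow file the “Advanced” option expects at .github/workflows/codeql.yml. It makes explicit the three things the Default summary chooses for you: the languages to analyze, the query pack, and the events that trigger a scan. The branch name, language list and cron schedule are assumed placeholders.

```yaml
# Added example of an "Advanced" CodeQL workflow; branch, languages and
# schedule below are assumptions, not values from the article.
name: "CodeQL (advanced setup)"

# Trigger events: the Default setup picks these for you; here they are explicit.
on:
  push:
    branches: [ "main" ]          # assumed default branch
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "17 3 * * 1"          # weekly scan picks up newly published queries

# Least-privilege token: only security-events needs write, to upload results.
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # Languages: assumed here; the Default setup detects them from the repo.
        language: [ "javascript", "python" ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Query pack: the default suite plus the broader security-extended
          # suite (more findings at the cost of some additional noise).
          queries: security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

A practical check after committing this file is to open the repository's “Actions” tab and confirm that the workflow ran once per matrix language and that the resulting alerts appear under “Security” → “Code scanning”; if the upload step fails with a permissions error, the `security-events: write` permission above is the usual culprit.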