Company:
Date Published:
Author: Justin Hutchings
Word count: 752
Language: English
Hacker News points: None

Summary

GitHub has announced the general availability of its code scanning feature, a developer-centric tool designed to identify security vulnerabilities in code before they reach production. The tool is powered by CodeQL, GitHub's semantic code analysis engine, and is integrated with GitHub Actions so that security checks run automatically as part of the development workflow. Code scanning focuses on actionable security rules and can run custom or community-contributed CodeQL queries to detect and prevent security issues such as remote code execution and SQL injection. Since its beta launch, code scanning has been run on more than 12,000 repositories and has identified more than 20,000 security issues; in the last 30 days, a notable 72% of the issues it flagged were resolved before merging. The feature supports extensibility through the open SARIF standard, allowing results from third-party security tools to be uploaded and viewed in the same unified interface. Code scanning is free for public repositories and is available as part of GitHub Advanced Security for private repositories; users such as Auth0 and McKesson Labs have praised its effectiveness in improving security efficiency and confidence.