Leveraging machine learning to find security vulnerabilities

GitHub code scanning now uses machine learning (ML) to alert developers to potential security vulnerabilities in their code. If you want to set up your repositories to surface more alerts using our new ML technology, get started here. Code security vulnerabilities can allow malicious actors to manipulate software into behaving in unintended and harmful ways. The best way to prevent such attacks is to detect and fix vulnerable code before it can be exploited. GitHub's code scanning capabilities leverage the CodeQL analysis engine to find security vulnerabilities in source code and surface alerts in pull requests – before the vulnerable code gets merged and released.