Senior Engineering Manager at a logistics company with 10,001+ employees
Real User
Top 20
2025-04-24T14:53:38Z
Apr 24, 2025
We are using GitHub Code Scanning predominantly for static code analysis to identify vulnerabilities, such as OWASP vulnerabilities. Before the code goes into production, as soon as the developer checks in, our static code analysis runs to validate the code. We have compliance metrics to ensure no vulnerabilities or code leaks occur.
soln architect at a newspaper with 11-50 employees
Real User
Top 20
2025-03-13T14:03:39Z
Mar 13, 2025
We were using GitHub Code Scanning ( /products/github-code-scanning-reviews ) for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral ( /products/check-point-cloudguard-code-security-reviews ) for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.
The tool helps to know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.
Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.
We are using GitHub Code Scanning predominantly for static code analysis to identify vulnerabilities, such as OWASP vulnerabilities. Before the code goes into production, as soon as the developer checks in, our static code analysis runs to validate the code. We have compliance metrics to ensure no vulnerabilities or code leaks occur.
We were using GitHub Code Scanning ( /products/github-code-scanning-reviews ) for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral ( /products/check-point-cloudguard-code-security-reviews ) for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.
The tool helps to know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.