A code-scanning capability that GitHub has been testing for the past several months is now generally available for organizations using the platform as part of their software development process. The scanner is based on CodeQL, a code analysis technology that GitHub acquired through its purchase of Semmle last year. Over 12,000 repositories on GitHub have been scanned a total of 1.4 million times since the scanner went into beta. Over that period, the scanner has uncovered more than 20,000 security issues in code stored on GitHub.
Source: https://www.darkreading.com/application-security/github-tool-spots-security-vulnerabilities-in-code

