GitHub code scanning now surfaces AI-powered security detections directly on pull requests, expanding vulnerability coverage to languages and frameworks not currently supported by CodeQL. These detections help teams identify and address potential issues in parts of the codebase that previously had no native scanning coverage, all before code is merged.

What’s included

Broader language coverage: AI-powered detections extend code scanning to languages and frameworks beyond those supported by CodeQL’s built-in analysis, reducing blind spots across your codebase.

Native pull request integration: Findings appear directly in pull requests, so developers can review and address issues as part of their existing workflow before merging code. Alerts generated using AI will be labeled with AI so you can easily distinguish them from CodeQL results.

Easy to enable: Once allowed at the enterprise level, you can enable AI security detections for any repository or organization that have GitHub code security and CodeQL default setup turned on.