GitHub launched a service for identifying vulnerabilities in the code

GitHub announced that its code scanning service, previously offered only to participants of a limited program for testing new experimental features, is now available to all users. The service scans the code on every git push for potential vulnerabilities, and the result is attached directly to the pull request. The check is performed by the CodeQL engine, which matches the code against patterns of typical vulnerable code (CodeQL lets you write a template describing a vulnerable code pattern and then detect the same kind of vulnerability in the code of other projects).
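The scanning described above is driven by a GitHub Actions workflow that runs CodeQL on pushes and pull requests. The workflow below is an added example for this page, not configuration from GitHub or opennet.ru; it assumes a repository whose default branch is named `main` and that contains JavaScript and Python code (the `languages` list and branch name are assumptions to adjust per project).

```yaml
# .github/workflows/codeql.yml (example added here; branch and languages are assumed)
name: "CodeQL code scanning"

on:
  push:
    branches: [ main ]          # scan every push to the default branch
  pull_request:
    branches: [ main ]          # attach findings to pull requests before merge

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read            # checkout only needs read access
      security-events: write    # required to upload results to the Security tab / PR checks
    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript', 'python' ]   # assumed for this example
    steps:
      - uses: actions/checkout@v3

      # Initialise the CodeQL database for the selected language.
      # "security-extended" enables the broader built-in security query suite
      # in addition to the default queries.
      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: security-extended

      # For compiled languages this step builds the project so CodeQL can
      # observe the compilation; for interpreted languages it is a no-op.
      - uses: github/codeql-action/autobuild@v2

      # Run the queries and upload the SARIF results, which surface as
      # annotations on the pull request and in the repository's Security tab.
      - uses: github/codeql-action/analyze@v2
```

Because the `pull_request` trigger runs before the change is merged, findings show up as a check on the pull request itself, which is the stage at which the page reports most issues were caught during the beta.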

During the beta testing of the service, scanning about 12 repositories revealed more than 20 security issues, including serious problems leading to remote code execution and SQL injection. 72% of the issues found were identified at the pull request stage, before the change was accepted, and fixed in less than 30 days (for comparison, general industry statistics show that only 30% of vulnerabilities are fixed within a month of discovery).

Source: opennet.ru