Learn to identify, resolve, and prevent insecure coding patterns.
- Who is this for: Developers, security engineers, open source maintainers.
- What you'll learn: How to enable code scanning to identify typical vulnerabilities like SQL injection, review alerts, and take action to fix them.
- What you'll build: An automated process to identify existing vulnerabilities and prevent future vulnerabilities in production code.
- Prerequisites:
- How long: Less than 30 minutes.
Copy the exercise to your account, give your favorite Octocat (Mona) about 20 seconds to prepare the first lesson, then refresh the page.
Having trouble? 🤷
When copying the exercise, we recommend the following settings:
- For owner, choose your personal account or an organization to host the repository.
- We recommend creating a public repository, as private repositories will use Actions minutes.
If the exercise isn't ready in 20 seconds:
- After your new repository is created, wait about 20 seconds, then refresh the page.
- Follow the step-by-step instructions in the issue created in your repository.
- If the page doesn't refresh automatically, please check the Actions tab.
- Check to see if a job is running. Sometimes it simply takes a bit longer.
- If the page shows a failed job, please submit an issue. Nice, you found a bug! 🐛
© 2025 GitHub • Code of Conduct • MIT License