Betterscan Code Scan

Please use it to try it with small project (dozen of files or so). This is a FREE service, real deployment can handle thousands.

Installation:

Go here:
https://github.com/apps/betterscan-code-scan

Install

"Only select repositories"

or org and click

"Save"

It should now be working and integrated for your repository.

Security Automation Software

A simple and powerful software to automate thousands of checks and eliminate human errors in Code and Cloud Infrastructure

Has a Scan state feature. Findings will be published in Security->Code Scanning alerts tab (for private repositories Enterprise license is required with Advanced Security, for Public not)

Scan can take up to few minutes to hours until appear in Security->Code Scanning alerts tab.

Scan triggers on push to main (main, master branch), PR merge.

Features

Trivial setup, no software installation, compatible with many programming languages (PHP, Java, Scala, Python, PERL, Ruby, .NET Full Framework, C#, C, C++, Swift, Kotlin, Apex (Salesforce), Javascript, Typescript, GO, Solidity, DeFi Security (DeFi exploits), Infractructure as a Code (IaC) Security and Best Practices (Docker, Kubernetes (k8s), Terraform AWS, GCP, Azure), Secret Scanning (166+ secret types), YARA rules for Antidebug, Antivm, Crypto, CVE, Exploits Kits, Malware, Webshells, APTs, Dependency Confusion, Trojan Source, SBOM, Dependencies, Open Source and Proprietary Checks). Practically any Open Source and proprietary check can be added. Supports precise Graph based analysis.