

  • Arctic Code Vault Contributor

Hello! I'm Justin Hutchings, and I'm a product manager here at GitHub working on our security features for developers. My latest project has been the integration of Semmle's super cool CodeQL into GitHub with code scanning. Code scanning is free for public repositories, so go try it out (check your repository's security tab!).

A few of my talks on security and software:

  • Applying the GitHub security development lifecycle to your project
  • GitHub Code Scanning
  • GitHub security advisories


  1. This web app can be used to convert a Google calendar event into a simple Markdown file suitable for taking meeting notes.

    JavaScript 2 1

  2. This repository includes a Gemfile which includes a fake dependency which is always flagged as having security vulnerabilities.

    Ruby 5

  3. This repository contains a sample script which can be used to enable security vulnerability alerts in all of the repositories in a given organization.

    JavaScript 52 26

  4. This repo demonstrates how to use the GitHub Code Scanning API to export all the alerts in an organization to a CSV file.

    JavaScript 11 5

  5. This repository creates pull requests to push a GitHub Actions workflow to a collection of workflows.

    PowerShell 6 4

Contribution activity

November 2020

Created a pull request in jaegertracing/jaeger that received 3 comments

Update CodeQL to latest best practices

Which problem is this PR solving? CodeQL Performance Short description of the changes 👋🏻 Your current CodeQL workflow is using a slightly older te…

+19 −32 3 comments
Opened 2 other pull requests in 1 repository
2 merged
Reviewed 3 pull requests in 1 repository
Opened 1 issue in 1 repository
1 open
59 contributions in private repositories Nov 2 – Nov 22
