# Concepts for code scanning Learn core concepts for GitHub's code scanning features. ## Links * [About code scanning](/en/code-security/concepts/code-scanning/about-code-scanning) You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub. * [About code scanning alerts](/en/code-security/concepts/code-scanning/about-code-scanning-alerts) Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights. * [Code security risk assessment](/en/code-security/concepts/code-scanning/code-security-risk-assessment) Generate a free code security risk assessment to understand your organization's exposure to vulnerabilities. * [About Copilot Autofix for code scanning](/en/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning) Copilot Autofix provides targeted recommendations to help you fix code scanning alerts and avoid introducing new security vulnerabilities. * [About setup types for code scanning](/en/code-security/concepts/code-scanning/setup-types) Depending on your needs, GitHub offers a default or advanced setup for code scanning. * [About integration with code scanning](/en/code-security/concepts/code-scanning/about-integration-with-code-scanning) You can perform code scanning externally and then display the results in GitHub, or configure webhooks that listen to code scanning activity in your repository. * [About SARIF files for code scanning](/en/code-security/concepts/code-scanning/sarif-files) SARIF files convert third-party analyses into alerts on GitHub. * [Code scanning alert tracking using issues](/en/code-security/concepts/code-scanning/code-scanning-alert-tracking-using-issues) Connect security findings to your team's workflow by linking code scanning alerts to issues for tracking and collaboration. * [Code scanning merge protection](/en/code-security/concepts/code-scanning/merge-protection) Code scanning rules prevent pull requests with potential vulnerabilities from being merged. * [Multi-repository variant analysis](/en/code-security/concepts/code-scanning/multi-repository-variant-analysis) MRVA lets you test a query in Visual Studio Code by running it against a large number of repositories. * [Concepts for CodeQL](/en/code-security/concepts/code-scanning/codeql) Understand the core concepts behind CodeQL and how it helps you find vulnerabilities and errors in your code. * [About the tool status page](/en/code-security/concepts/code-scanning/tool-status-page) The tool status page provides visibility into the health and performance of code scanning tools in your repository. * [CodeQL pull request alert metrics](/en/code-security/concepts/code-scanning/pull-request-alert-metrics) Understand CodeQL's performance in pull requests across your organizations. * [Repository properties for code scanning](/en/code-security/concepts/code-scanning/repository-properties) You can use repository properties to adjust code scanning to suit your needs.