The tool helps detect vulnerabilities during development by, among other things, raising alerts in a repository's ‘Security’ tab and on pull requests. The beta release includes machine-learning functionality. According to GitHub, the machine learning initially produces more false positives and becomes more accurate as the tool is used.
Semmle and availability
The tool is not entirely new: the release is built on code analysis technology from Semmle, which GitHub acquired in 2019. The GitHub code scanning beta is free for public repositories. It is also available as a GitHub Advanced Security feature for private repositories on GitHub Enterprise.