github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Missing option to enable CodeQL at personal org level #16350

Open mcandre opened 2 months ago

mcandre commented 2 months ago

The "Code security and analysis" personal org settings page lists several options for Dependabot SCA third party security scans, but lists no option for CodeQL SAST first party security scans.

This makes it unnecessarily difficult for GitHub users to consistently scan all their repositories. We'd just as well assume that millions of GitHub repos are insecure, rife with SAST violations.

sampart commented 2 months ago

Hello from GitHub Code Scanning, and thanks for getting in touch, @mcandre. The behaviour you're describing isn't what I'd expect to see on that page, so I'd like to investigate further. Please could you post a screenshot of what you're seeing on that page, and let us know the organisation name? Many thanks.