Code scanning now creates alert-related events in audit log

The enterprise and organization-level audit log events are now created when a code scanning alert is created, fixed, dismissed, reopened, or appeared in a new branch:

code_scanning.alert_created – a code scanning alert was seen for the first time;
code_scanning.alert_appeared_in_branch – an existing code scanning alert appeared in a branch;
code_scanning.alert_closed_became_fixed – a code scanning alert was fixed;
code_scanning.alert_reappeared – a code scanning alert that was previously fixed reappeared;
code_scanning.alert_closed_by_user – a code scanning alert was manually dismissed;
code_scanning.alert_reopened_by_user – a code scanning alert that was previously dismissed was reopened.

The new functionality, which will be included in GHES 3.17, provides more insight into the history of a code scanning alert for easier troubleshooting and analysis.

For more information:

JUN.17Improvement
Secret scanning updates – June 2026
- Application Security
JUN.16Release
GitHub Code Quality generally available July 20, 2026
- Application Security
JUN.16Release
Organization-level enablement for GitHub Code Quality
- Application Security
JUN.10Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
- Application Security
JUN.10Improvement
Dedicated security review command now available in Copilot CLI
- Application Security
JUN.9Release
Periodic code scanning of inactive repositories
- Application Security
JUN.9Improvement
Security validation for third-party coding agents
- Application Security
JUN.5Improvement
CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage
- Application Security
JUN.2Release
Cloud and local sandboxes for GitHub Copilot now in public preview
- Application Security

Code scanning now creates alert-related events in audit log

Related Posts

Subscribe to our developer newsletter