Skip to main content

Error: "GitHub Code Security or GitHub Advanced Security must be enabled for this repository to use code scanning"

If you see this error, make sure that GitHub Code Security is enabled.

About this error

GitHub Code Security or GitHub Advanced Security must be enabled for this repository to use code scanning 403: GitHub Code Security or GitHub Advanced Security is not enabled 

This error is reported if you try to run code scanning in a repository where GitHub Code Security is not enabled or where use of this feature is blocked by a policy.

Confirming the cause of the error

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. On the settings page, scroll down to "Code Scanning."

  5. If there is an associated and active Enable button, GitHub Code Security is available for this repository but not yet enabled.

  6. If use of GitHub Code Security is blocked by a policy, " Disabled" is shown in place of the Enable button.

    "Screenshot of the Advanced Security" setting. The disabled option is highlighted in dark orange.

Fixing the problem

If GitHub Code Security is available to your repository, you can enable it on the settings page.

If GitHub Code Security is blocked by a policy, you first need to request access.

Requesting access to GitHub Code Security

  1. In the "Advanced Security" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to Code Scanning products. For more information, see Enforcing policies for code security and analysis for your enterprise.
  2. Follow your company's policy for requesting access to additional features.

Enabling GitHub Code Security

  1. Open the "Code security" settings page.
  2. Next to the "Code Scanning" feature, click Enable.
  3. Rerun code scanning.