GitHub adds scheduled code scanning for inactive repos
GitHub code scanning now offers scheduled security scans for repositories that have been inactive for six months. This feature helps organizations maintain a continuous security posture by ensuring that even dormant codebases are regularly checked for vulnerabilities. It is available for organizations seeking to enhance their security practices on the platform.
Features (1)
- Scheduled code scanning for inactive repositories
GitHub code scanning now supports periodic security scans for repositories that have seen no activity (pushes or pull requests) for at least six months. This enhancement helps maintain a continuous security posture across all organizational codebases, including those that are infrequently updated.
Notes (1)
- Purpose of scanning inactive repositories
This new capability allows organizations to ensure consistent security coverage for all their code, regardless of recent commit activity. It addresses the challenge of maintaining security hygiene for long-lived but less frequently modified projects.
https://github.blog/changelog/2026-06-09-periodic-code-scanning-of-inactive-repositories
