title: 'Phase 5: Rollout and scale code scanning'
intro: >-
  You can {% ifversion security-configuration-enterprise-level %}use security
  configurations{% else %}leverage the available APIs{% endif %} to roll out {%
  data variables.product.prodname_code_scanning %} across your enterprise{%
  ifversion security-configurations %}{% else %} using the repository data you
  collected earlier{% endif %}.
versions:
  ghes: '*'
  ghec: '*'
topics:
  - Code Security
  - Secret Protection
shortTitle: 5. Rollout code scanning

This article is part of a series on adopting {% data variables.product.prodname_GHAS %} at scale. For the previous article in this series, see AUTOTITLE.

{% ifversion security-configurations %}

{% data reusables.security-configurations.enable-security-features-with-gh-config %}

{% endif %}

Enabling code scanning

After piloting {% data variables.product.prodname_code_scanning %} and creating internal documentation for best practices, you can enable {% data variables.product.prodname_code_scanning %} across your company. You can configure {% data variables.product.prodname_code_scanning %} default setup for all repositories in an organization from security overview. For more information, see AUTOTITLE.

{% data reusables.advanced-security.enable-default-setup-first %}

Building subject matter expertise

To successfully manage and use {% data variables.product.prodname_code_scanning %} across your company, you should build internal subject matter expertise. For default setup for {% data variables.product.prodname_code_scanning %}, one of the most important areas for subject matter experts (SMEs) to understand is interpreting and fixing {% data variables.product.prodname_code_scanning %} alerts. For more information about {% data variables.product.prodname_code_scanning %} alerts, see:

You'll also need SMEs if you need to use advanced setup for {% data variables.product.prodname_code_scanning %}. These SMEs will need knowledge of {% data variables.product.prodname_code_scanning %} alerts, as well as topics like {% data variables.product.prodname_actions %} and customizing {% data variables.product.prodname_code_scanning %} workflows for particular frameworks. For custom configurations of advanced setup, consider running meetings on complicated topics to scale the knowledge of several SMEs at once.

{% ifversion security-overview-org-codeql-pr-alerts %}

For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see AUTOTITLE.

{% endif %}

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.copilot.copilot_enterprise %} license, you can also ask {% data variables.copilot.copilot_chat %} for help to better understand {% data variables.product.prodname_code_scanning %} alerts in repositories in your organization. For more information, see AUTOTITLE.

{% endif %}

For the next article in this series, see AUTOTITLE.