Periodic code scanning of inactive repositories
GitHub announced a new feature for periodic code scanning of inactive repositories. The feature automatically schedules code scanning runs on repositories that have had no recent commits or other activity, so security vulnerabilities are still detected in projects that may be dormant or unmaintained, reducing the risk of undetected issues. The scans run periodically on a schedule determined by GitHub and require no configuration from repository owners. This extends GitHub's code scanning to the long tail of repositories that might otherwise be overlooked. The feature is available to all repositories that have code scanning enabled, and it operates without additional cost or setup.
Automated scanning of inactive repos helps prevent dormant code from harboring undiscovered vulnerabilities.