In the background, this new feature uses the CodeQL engine, GitHub’s semantic analysis engine to find vulnerabilities in code, even before it has been executed.