GitHub Advanced Security must be enabled in order to use code scanning on private repositories.
On GitHub.com, navigate to the main page of the repository.
Under your repository name, click Settings . If you cannot see the "Settings" tab, select the dropdown menu, then click Settings .
In the "Security" section of the sidebar, click Code security and analysis .
Scroll down to "GitHub Advanced Security."
If there is an associated and active Enable button, GitHub Advanced Security is available for this repository but not yet enabled.
If use of GitHub Advanced Security is blocked by a policy, the Enable button is inactive and the owner of the policy is listed.