```Code Scanning (CodeQL)``` -> Scan GitHub repo for vulns ```Secret scanning (free)``` -> Auto-detect leaked tokens ```Branch protection rules``` -> Enforce checks before merge
Code Scanning (CodeQL)-> Scan GitHub repo for vulnsSecret scanning (free)-> Auto-detect leaked tokensBranch protection rules-> Enforce checks before merge