GitHub automatically closes a code scanning alert when the vulnerable code is fixedin the same branch where the alert was generated, usually via acommit inside a pull request. Simply clicking or triaging an alert does not resolve it. The alert is re-evaluated after each push to the branch, and if the issue no longer exists, it is marked as resolved.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit