First configure advanced security and enable code scanning: 配置代码扫描的默认设置 - GitHub 文档

Optional

In the repository’s settings/rules, set up a branch to enable “Require code scanning results”, which requires code scanning to be completed before allowing updates to that branch.