Explain the difference between a Code Scanning alert and a Dependabot alert.


Multiple Choice


Explanation:
The difference being tested is what each alert monitors and where its findings come from. Code Scanning alerts come from static analysis of the source code in the repository: the scanner (CodeQL by default, or a third-party tool that uploads its results in SARIF) looks for insecure coding patterns, potential vulnerabilities, and risky configuration in the code you write, and each alert points at a rule and a location (file and line) in the codebase. Dependabot alerts, on the other hand, are about the project's dependencies. GitHub matches the packages in the repository's dependency graph (built from manifests and lock files, including transitive dependencies where the lock file records them) against the GitHub Advisory Database and raises an alert when a dependency version falls inside a known vulnerable range, naming the first patched version when one exists so you can update.

The two are complementary rather than overlapping: Code Scanning cannot tell you that a library you import has a published advisory, and Dependabot cannot tell you that your own code calls a library unsafely. So the best answer reflects that distinction: Code Scanning flags findings in your own code through static analysis, while Dependabot flags known vulnerabilities in the dependencies you pull in.

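The distinction is easiest to see in what each alert actually carries. The script below is an added example, not part of the original question or of GitHub's own tooling: it takes the two alert shapes returned by the GitHub REST API (`GET /repos/{owner}/{repo}/code-scanning/alerts` and `GET /repos/{owner}/{repo}/dependabot/alerts`) and normalises them into one triage list. The payloads are constructed samples trimmed to the fields used here; the package name, advisory ID and file paths are invented, and the field names follow the REST API response shape as documented rather than a live call.

```python
"""Added example: merge code scanning and Dependabot alerts into one triage view.

The two sample payloads are constructed, not captured from a real repository,
and are trimmed to the fields this script reads.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: a code scanning alert is a rule hit at a location in your code.
SAMPLE_CODE_SCANNING_ALERTS = [
    {
        "number": 7,
        "state": "open",
        "rule": {
            "id": "py/sql-injection",
            "severity": "error",
            "security_severity_level": "high",
            "description": "SQL query built from user-controlled sources",
        },
        "tool": {"name": "CodeQL"},
        "most_recent_instance": {
            "ref": "refs/heads/main",
            "location": {"path": "app/db.py", "start_line": 42},
        },
    },
    {
        "number": 8,
        "state": "dismissed",
        "rule": {"id": "py/unused-import", "severity": "note",
                 "security_severity_level": None, "description": "Unused import"},
        "tool": {"name": "CodeQL"},
        "most_recent_instance": {
            "ref": "refs/heads/main",
            "location": {"path": "app/util.py", "start_line": 3},
        },
    },
]

# Constructed sample: a Dependabot alert is an advisory matched to a dependency version.
SAMPLE_DEPENDABOT_ALERTS = [
    {
        "number": 3,
        "state": "open",
        "dependency": {"package": {"ecosystem": "pip", "name": "example-lib"},
                       "manifest_path": "requirements.txt", "scope": "runtime"},
        "security_advisory": {"ghsa_id": "GHSA-0000-0000-0000", "cve_id": None,
                              "summary": "Deserialization of untrusted data",
                              "severity": "critical"},
        "security_vulnerability": {"vulnerable_version_range": "< 2.4.1",
                                   "first_patched_version": {"identifier": "2.4.1"}},
    },
    {
        "number": 4,
        "state": "open",
        "dependency": {"package": {"ecosystem": "npm", "name": "example-widget"},
                       "manifest_path": "package-lock.json", "scope": "runtime"},
        "security_advisory": {"ghsa_id": "GHSA-1111-1111-1111", "cve_id": None,
                              "summary": "Prototype pollution", "severity": "medium"},
        # Edge case: advisory published, but no fixed release exists yet.
        "security_vulnerability": {"vulnerable_version_range": "<= 1.9.0",
                                   "first_patched_version": None},
    },
]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# Rules without a security severity (non-security queries) still carry a tool severity.
TOOL_SEVERITY_TO_LEVEL = {"error": "high", "warning": "medium", "note": "low"}


@dataclass(frozen=True)
class Finding:
    source: str       # "code-scanning" or "dependabot"
    number: int
    state: str
    severity: str     # normalised to critical/high/medium/low
    identifier: str   # tool:rule for code, advisory ID for dependencies
    location: str     # file:line for code, manifest + package for dependencies
    remediation: str


def normalize_code_scanning(alert: dict) -> Finding:
    """A code scanning alert answers: which rule fired, where in my code?"""
    rule = alert["rule"]
    severity = (rule.get("security_severity_level")
                or TOOL_SEVERITY_TO_LEVEL.get(rule.get("severity"), "low"))
    loc = alert["most_recent_instance"]["location"]
    return Finding(
        source="code-scanning", number=alert["number"], state=alert["state"],
        severity=severity,
        identifier=f'{alert["tool"]["name"]}:{rule["id"]}',
        location=f'{loc["path"]}:{loc["start_line"]}',
        remediation="fix the flagged code pattern",
    )


def normalize_dependabot(alert: dict) -> Finding:
    """A Dependabot alert answers: which package, which advisory, which safe version?"""
    pkg = alert["dependency"]["package"]
    adv = alert["security_advisory"]
    vuln = alert["security_vulnerability"]
    patched = vuln.get("first_patched_version")
    remediation = (f'upgrade {pkg["name"]} to >= {patched["identifier"]}' if patched
                   else f'no patched version yet; remove or mitigate {pkg["name"]}')
    return Finding(
        source="dependabot", number=alert["number"], state=alert["state"],
        severity=adv["severity"],
        identifier=adv.get("cve_id") or adv["ghsa_id"],
        location=(f'{alert["dependency"]["manifest_path"]} '
                  f'({pkg["ecosystem"]}:{pkg["name"]} {vuln["vulnerable_version_range"]})'),
        remediation=remediation,
    )


def open_findings(cs_alerts: list[dict], db_alerts: list[dict]) -> list[Finding]:
    """Merge both alert types, keep only open ones, worst severity first."""
    findings = ([normalize_code_scanning(a) for a in cs_alerts]
                + [normalize_dependabot(a) for a in db_alerts])
    findings = [f for f in findings if f.state == "open"]
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity], f.source, f.number))


if __name__ == "__main__":
    for f in open_findings(SAMPLE_CODE_SCANNING_ALERTS, SAMPLE_DEPENDABOT_ALERTS):
        print(f"[{f.severity:8}] {f.source:13} #{f.number} {f.identifier} "
              f"at {f.location} -> {f.remediation}")
```

The point of normalising both into one record is that the two alert types answer different questions and need different fixes: a code scanning finding is closed by changing your code at the reported file and line, while a Dependabot finding is closed by moving the named package out of the vulnerable range (or, when no patched version exists, by removing or mitigating it). Replacing the constructed samples with the JSON from the two endpoints above gives a working triage list for a real repository.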
