# Detection Rules as Code ## What is detection rules as code? Users can define detection rules in YAML files and use GitHub to manage detection rules. This allows teams to collaborate on detection rules and review changes. Scanner provides a GitHub integration for syncing detection rules. Users can connect their GitHub repositories to Scanner and Scanner will automatically sync detection rules from GitHub. Scanner's detection rules as code feature also allows for tests to be specified in the YAML files. The tests are run in Scanner and must pass before detection rules are synced. > **Architecture:** To understand how Scanner's detection engine works under the hood and why it can efficiently run hundreds of detection rules simultaneously, see [Detection Rule Engine](/scanner/what-and-why/how-it-works/detection-rule-engine.md). To get started, see [Getting Started](/scanner/using-scanner-complete-feature-reference/detections-and-alerting/detection-rules/detection-rules-as-code/getting-started.md). ## How syncing works Scanner regularly syncs detection rules from GitHub repositories. When a sync is triggered, Scanner will read any changes in the repository, then [validate](/scanner/using-scanner-complete-feature-reference/detections-and-alerting/detection-rules/detection-rules-as-code/writing-detection-rules.md#schema) and [run tests](/scanner/using-scanner-complete-feature-reference/detections-and-alerting/detection-rules/detection-rules-as-code/writing-detection-rules.md#detection-rule-tests) for all rules. Then * If all rules pass, Scanner will create, update, or delete managed detection rules based on the current state of the YAML files in the GitHub repository. * If any rule fails, Scanner will not sync *any* changes (including those that passed) and will notify the user with an error. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scanner.dev/scanner/using-scanner-complete-feature-reference/detections-and-alerting/detection-rules/detection-rules-as-code.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.