


You can run code scanning on GitHub, using GitHub Actions, or from your continuous integration (CI) system. For more information, see "About GitHub Actions" or "About CodeQL code scanning in your CI system."

This article is about running code scanning on GitHub using actions.

Before you can configure code scanning for a repository, you must set up code scanning by adding a GitHub Actions workflow to the repository. For more information, see "Setting up code scanning for a repository."

Typically, you don't need to edit the default workflow for code scanning. However, if required, you can edit the workflow to customize some of the settings. For example, you can edit GitHub's CodeQL analysis workflow to specify the frequency of scans, the languages or directories to scan, and what CodeQL code scanning looks for in your code. You might also need to edit the CodeQL analysis workflow if you use a specific set of commands to compile your code.

CodeQL analysis is just one type of code scanning you can do in GitHub. GitHub Marketplace contains other code scanning workflows you can use. You can find a selection of these on the "Get started with code scanning" page, which you can access from the Security tab. The specific examples given in this article relate to the CodeQL analysis workflow file.

Workflow files are stored in the .github/workflows directory of your repository. You can find a workflow you have added by searching for its file name. For example, by default, the workflow file for CodeQL code scanning is called codeql-analysis.yml.

1. In your repository, browse to the workflow file you want to edit.
2. In the upper right corner of the file view, click the pencil icon to open the workflow editor.
3. After you have edited the file, click Start commit and complete the "Commit changes" form. You can choose to commit directly to the current branch, or create a new branch and start a pull request.

For more information about editing workflow files, see "Learn GitHub Actions."

Configuring frequency

You can configure the CodeQL analysis workflow to scan code on a schedule or when specific events occur in a repository.

Scanning code when someone pushes a change, and whenever a pull request is created, prevents developers from introducing new vulnerabilities and errors into the code. Scanning code on a schedule informs you about the latest vulnerabilities and errors that GitHub, security researchers, and the community discover, even when developers aren't actively maintaining the repository.
