You can run code scanning on GitHub, using GitHub Actions, or from your continuous integration (CI) system. For more information, see "Learn GitHub Actions" or "About CodeQL code scanning in your CI system."

With advanced setup for code scanning, you can customize a code scanning workflow for granular control over your configuration. For more information, see "Configuring advanced setup for code scanning."

CodeQL analysis is just one type of code scanning you can do in GitHub. GitHub Marketplace contains other code scanning workflows you can use. You can find a selection of these on the "Get started with code scanning" page, which you can access from the Security tab.

The specific examples given in this article relate to the CodeQL analysis workflow file.

Workflow files are stored in the .github/workflows directory of your repository. You can find a workflow you have added by searching for its file name. For example, by default, the workflow file for CodeQL code scanning is called codeql-analysis.yml.

1. In your repository, browse to the workflow file you want to edit.
2. In the upper right corner of the file view, to open the workflow editor, click the edit (pencil) icon.
3. After you have edited the file, click Start commit and complete the "Commit changes" form. You can choose to commit directly to the current branch, or create a new branch and start a pull request.

For more information about editing workflow files, see "Learn GitHub Actions."

Configuring frequency

You can configure the CodeQL analysis workflow to scan code on a schedule or when specific events occur in a repository. Scanning code when someone pushes a change, and whenever a pull request is created, prevents developers from introducing new vulnerabilities and errors into the code. Scanning code on a schedule informs you about the latest vulnerabilities and errors that GitHub, security researchers, and the community discover, even when developers aren't actively maintaining the repository.

Scanning on push

By default, the CodeQL analysis workflow uses the on.push event to trigger a code scan on every push to the default branch of the repository and any protected branches. For code scanning to be triggered on a specified branch, the workflow must exist in that branch. For more information, see "Workflow syntax for GitHub Actions."

If you scan on push, then the results appear in the Security tab for your repository. For more information, see "Managing code scanning alerts for your repository." Additionally, when an on:push scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts.