[Ready to ship - June 1] - Code scanning free text search (#19391)

* made a start * more fixes * Update content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md Co-authored-by: Nick Fyson <nickfyson@github.com> * Update content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> * clarify tip * improvement now only available on GHES 3.3 and later versions Co-authored-by: Sarah Schneider <sarahs@github.com> Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com> Co-authored-by: Nick Fyson <nickfyson@github.com> Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2025-12-22 11:26:57 -05:00 · 2021-06-01 10:59:33 +01:00
parent 4bc37604f8
commit 2843cfffb3
3 changed files with 39 additions and 2 deletions
--- a/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
+++ b/content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md
@@ -48,7 +48,7 @@ You need write permission to view a summary of all the alerts for a repository o
 {% data reusables.repositories.sidebar-security %}
 {% data reusables.repositories.sidebar-code-scanning-alerts %}
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
-1. Optionally, use the drop-down menus to filter alerts. For example, you can filter by the tool that was used to identify alerts.
+1. Optionally, use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search box or{% endif %} the drop-down menus to filter alerts. For example, you can filter by the tool that was used to identify alerts.
  ![Filter by tool](/assets/images/help/repository/code-scanning-filter-by-tool.png){% endif %}
 1. Under "{% data variables.product.prodname_code_scanning_capc %}," click the alert you'd like to explore.
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
@@ -61,12 +61,49 @@ You need write permission to view a summary of all the alerts for a repository o
 1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
  ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png)

+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %}
+### Searching {% data variables.product.prodname_code_scanning %} alerts
+
+You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across:
+- The name of the alert
+- The alert description
+- The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section)
+
+ ![The alert information used in searches](/assets/images/help/repository/code-scanning-free-text-search-areas.png)
+
+| Supported search | Syntax example | Results |
+| ---- | ---- | ---- |
+| Single word search | `injection` | Returns all the alerts containing the word `injection` |
+| Multiple word search | `sql injection` | Returns all the alerts containing `sql` or `injection` |
+| Exact match search</br>(use double quotes) |  `"sql injection"` | Returns all the alerts containing the exact phrase `sql injection` |
+| OR search | `sql OR injection` | Returns all the alerts containing `sql` or `injection` |
+| AND search | `sql AND injection` | Returns all the alerts containing both words `sql` and `injection` | 
+
+{% tip %}
+
+**Tips:** 
+- The multiple word search is equivalent to an OR search.
+- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details.
+
+{% endtip %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-security %}
+{% data reusables.repositories.sidebar-code-scanning-alerts %}
+1. To the right of the **Filters** drop-down menus, type the keywords to search for in the free text search box.
+  ![The free text search box](/assets/images/help/repository/code-scanning-search-alerts.png)
+2. Press <kbd>return</kbd>. The alert listing will contain the open {% data variables.product.prodname_code_scanning %} alerts matching your search criteria.
+
+{% endif %}
+
 ### Fixing an alert

 Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)" and "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."

 If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have dismissed.

+You can use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed. 
+
 Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.

 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
@@ -105,7 +142,7 @@ To dismiss or delete alerts:

   ![Deleting alerts](/assets/images/help/repository/code-scanning-delete-alerts.png)

-   Optionally, you can use the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.
+   Optionally, you can use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search or{% endif %} the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.

 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
  ![Filter alerts by rule](/assets/images/help/repository/code-scanning-filter-by-rule.png)