
merge from main

This commit is contained in:
Sarita Iyer
2021-10-12 13:22:49 -04:00
parent 632d4eb6aa
commit fd4ad9f889
141 changed files with 853 additions and 582 deletions


@@ -8,6 +8,7 @@ versions:
fpt: '*'
ghes: '>=3.0'
ghae: '*'
miniTocMaxHeadingLevel: 3
redirect_from:
- /github/managing-security-vulnerabilities/managing-alerts-from-automated-code-scanning
- /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning
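Review bot: `miniTocMaxHeadingLevel: 3` is the single line this hunk adds to the frontmatter (the header count goes from 6 to 7), but nothing records why it is needed. The later hunk in this file introduces a new `### About labels for alerts that are not found in application code` subsection, so the setting presumably raises the mini table of contents depth so that `###` headings are listed; since the commit message is only "merge from main", state that intent in the PR description and confirm that every other `###` heading in the file is one you want surfaced in the mini TOC.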
@@ -58,6 +59,25 @@ To calculate the security severity of an alert, we use Common Vulnerability Scor
By default, any code scanning results with a security severity of `Critical` or `High` will cause a check failure. You can specify which security severity level for code scanning results should cause a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
### About labels for alerts that are not found in application code
{% data variables.product.product_name %} assigns a category label to alerts that are not found in application code. The label relates to the location of the alert.
- **Generated**: Code generated by the build process
- **Test**: Test code
- **Library**: Library or third-party code
- **Documentation**: Documentation
{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. You cannot manually categorize source files.
Here is an example from the {% data variables.product.prodname_code_scanning %} alert list of an alert marked as occuring in library code.
![Code scanning library alert in list](/assets/images/help/repository/code-scanning-library-alert-index.png)
On the alert page, you can see that the filepath is marked as library code (`Library` label).
![Code scanning library alert details](/assets/images/help/repository/code-scanning-library-alert-show.png)
## Viewing the alerts for a repository
Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
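Review bot: the new subsection has a spelling error in "an alert marked as occuring in library code"; it should read "occurring". In the same subsection, "you can see that the filepath is marked as library code" uses "filepath" as one word while the sentence two lines above says "categorizes files by file path"; use "file path" in both places so the terminology is consistent.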
@@ -112,14 +132,7 @@ If you enter multiple filters, the view will show alerts matching _all_ these fi
### Restricting results to application code only
You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. Application code excludes the following.
- Code generated by the build process
- Test code
- Library or third-party code
- Documentation
{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. At this time, you cannot manually categorize source files.
You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. See "[About labels for alerts not in application code](#about-labels-for-alerts-that-are-not-found-in-application-code)" above for more information about the types of code that are not application code.
{% ifversion fpt or ghes > 3.1 %}
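Review bot: the replacement sentence links to the new subsection with the text "About labels for alerts not in application code", but the heading added in the earlier hunk is "About labels for alerts that are not found in application code". The `#about-labels-for-alerts-that-are-not-found-in-application-code` anchor matches the heading slug, so the link resolves, but the link text should be the heading verbatim so readers scanning the page can find the target; update it to "[About labels for alerts that are not found in application code](#about-labels-for-alerts-that-are-not-found-in-application-code)".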