| title | shortTitle | intro | product | permissions | redirect_from | versions |
|---|---|---|---|---|---|---|
| Enabling code scanning for a repository | Enabling code scanning | You can enable {{ site.data.variables.product.prodname_code_scanning }} for your project's repository. | {{ site.data.reusables.gated-features.code-scanning }} | People with write permissions to a repository can enable {{ site.data.variables.product.prodname_code_scanning }} for the repository. | | |
{{ site.data.reusables.code-scanning.beta }} {{ site.data.reusables.code-scanning.enterprise-enable-code-scanning-actions }}
Options for enabling {{ site.data.variables.product.prodname_code_scanning }}
You decide how you generate {{ site.data.variables.product.prodname_code_scanning }} alerts, and which tools you use, at a repository level. {{ site.data.variables.product.product_name }} provides fully integrated support for {{ site.data.variables.product.prodname_codeql }} analysis, and also supports analysis using third-party tools. For more information, see "About {{ site.data.variables.product.prodname_codeql }}."
{{ site.data.reusables.code-scanning.enabling-options }}
Enabling {{ site.data.variables.product.prodname_code_scanning }} using actions
{% if currentVersion == "free-pro-team@latest" %}Using actions to run {{ site.data.variables.product.prodname_code_scanning }} will use minutes. For more information, see "About billing for {{ site.data.variables.product.prodname_actions }}."{% endif %}
{{ site.data.reusables.repositories.navigate-to-repo }}
{{ site.data.reusables.repositories.sidebar-security }}
3. To the right of "Code scanning", click Set up code scanning.
4. Under "Get started with code scanning", click Set up this workflow on the {{ site.data.variables.product.prodname_codeql_workflow }} or on a third-party workflow.
5. Optionally, to customize how {{ site.data.variables.product.prodname_code_scanning }} scans your code, edit the workflow. For more information, see "Configuring {{ site.data.variables.product.prodname_code_scanning }}."
6. Use the Start commit drop-down, and type a commit message.
7. Choose whether you'd like to commit directly to the default branch, or create a new branch and start a pull request.
8. Click Commit new file or Propose new file.
After you commit the workflow file or create a pull request, {{ site.data.variables.product.prodname_code_scanning }} will analyze your code according to the frequency you specified in your workflow file. If you created a pull request, {{ site.data.variables.product.prodname_code_scanning }} will only analyze the code on the pull request's topic branch until you merge the pull request into the default branch of the repository.
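As an added illustration (not GitHub's starter workflow and not part of the original page), a workflow file of the kind committed in the steps above might look like the following, with its `on:` block setting the analysis frequency. The file path, the branch name `main`, the cron schedule, the `javascript` language and the action version tags are all assumptions to adapt to your repository.

```yaml
# Added example, not GitHub's starter workflow.
# Assumed path: .github/workflows/codeql-analysis.yml
name: "CodeQL"

on:
  push:
    branches: [main]          # assumed default branch name
  pull_request:
    branches: [main]          # analyzes the topic branch of PRs targeting main
  schedule:
    - cron: "30 4 * * 1"      # assumed schedule: Mondays at 04:30 UTC

# Least privilege for the job token (assumed settings).
permissions:
  contents: read              # check out the code
  security-events: write      # upload results as code scanning alerts

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [javascript]   # assumed; list the languages in your repository
    steps:
      - name: Check out repository
        uses: actions/checkout@v4             # version tag is an assumption
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3    # version tag is an assumption
        with:
          languages: ${{ matrix.language }}
      - name: Build (only needed for compiled languages)
        uses: github/codeql-action/autobuild@v3
      - name: Run analysis and upload results
        uses: github/codeql-action/analyze@v3
```

With these triggers, a pull request that adds the file is analyzed on its topic branch, and the push and scheduled analyses of the default branch begin once the pull request is merged.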
Next steps
After you enable {{ site.data.variables.product.prodname_code_scanning }}, you can monitor analysis, view results, and further customize how you scan your code.
- You can view the run status of {{ site.data.variables.product.prodname_code_scanning }} and get notifications for completed runs. For more information, see "Managing a workflow run" and "Configuring notifications."
- After a scan completes, you can view the alerts it generated. For more information, see "Managing alerts from {{ site.data.variables.product.prodname_code_scanning }}."
- You can customize how {{ site.data.variables.product.prodname_code_scanning }} scans the code in your repository. For more information, see "Configuring code scanning."