5.8 KiB
title, intro, product, redirect_from, versions, topics
| title | intro | product | redirect_from | versions | topics | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| About code scanning | You can use {% data variables.product.prodname_code_scanning %} to find security vulnerabilities and errors in the code for your project on {% data variables.product.prodname_dotcom %}. | {% data reusables.gated-features.code-scanning %} |
|
|
|
{% data reusables.code-scanning.beta %} {% data reusables.code-scanning.enterprise-enable-code-scanning %}
About {% data variables.product.prodname_code_scanning %}
{% data reusables.code-scanning.about-code-scanning %}
You can use {% data variables.product.prodname_code_scanning %} to find, triage, and prioritize fixes for existing problems in your code. {% data variables.product.prodname_code_scanning_capc %} also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.
If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "Managing {% data variables.product.prodname_code_scanning %} alerts for your repository."
To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see "Webhook events and payloads." For information about API endpoints, see "{% data variables.product.prodname_code_scanning_capc %}."
To get started with {% data variables.product.prodname_code_scanning %}, see "Setting up {% data variables.product.prodname_code_scanning %} for a repository."
About {% data variables.product.prodname_codeql %}
You can use {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}, a semantic code analysis engine. {% data variables.product.prodname_codeql %} treats code as data, allowing you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers.
{% data variables.product.prodname_ql %} is the query language that powers {% data variables.product.prodname_codeql %}. {% data variables.product.prodname_ql %} is an object-oriented logic programming language. {% data variables.product.company_short %}, language experts, and security researchers create the queries used for {% data variables.product.prodname_code_scanning %}, and the queries are open source. The community maintains and updates the queries to improve analysis and reduce false positives. For more information, see {% data variables.product.prodname_codeql %} on the GitHub Security Lab website.
{% data variables.product.prodname_code_scanning_capc %} with {% data variables.product.prodname_codeql %} supports both compiled and interpreted languages, and can find vulnerabilities and errors in code that's written in the supported languages.
{% data reusables.code-scanning.codeql-languages-bullets %}
You can view and contribute to the queries for {% data variables.product.prodname_code_scanning %} in the github/codeql repository. For more information, see {% data variables.product.prodname_codeql %} queries in the {% data variables.product.prodname_codeql %} documentation.
{% if currentVersion == "free-pro-team@latest" %}
About billing for {% data variables.product.prodname_code_scanning %}
{% data variables.product.prodname_code_scanning_capc %} uses {% data variables.product.prodname_actions %}, and each run of a {% data variables.product.prodname_code_scanning %} workflow consumes minutes for {% data variables.product.prodname_actions %}. For more information, see "About billing for {% data variables.product.prodname_actions %}."
{% endif %}
About third-party {% data variables.product.prodname_code_scanning %} tools
{% data reusables.code-scanning.interoperable-with-tools-that-output-sarif %}
You can run third-party analysis tools within {% data variables.product.product_name %} using actions or within an external CI system. For more information, see "Setting up code scanning for a repository" or "Uploading a SARIF file to GitHub."
Further reading
- "About securing your repository"
- {% data variables.product.prodname_security %}
- OASIS Static Analysis Results Interchange Format (SARIF) TC on the OASIS Committee website