mirror of synced 2025-12-20 10:28:40 -05:00
docs/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md
Sam Browning c13a7af4cb [MVP] Refactor code scanning docs to prioritize default setup (#38572)
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Dorothy Mitchell <dorothymitchell@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Grace Park <gracepark@github.com>
2023-07-17 15:42:37 +00:00

3.4 KiB

title: Configuring {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}code scanning with CodeQL at scale
shortTitle: CodeQL {% ifversion code-scanning-without-workflow %}advanced setup{% else %}code scanning{% endif %} at scale
intro: You can use a script to configure advanced setup for {% data variables.product.prodname_code_scanning %} for a specific group of repositories in your organization.
product: {% data reusables.gated-features.code-scanning %}
versions: fpt: *, ghec: *, ghes: *, ghae: *
type: how_to
topics: Advanced Security, Code scanning
allowTitleToDifferFromFilename: true

About configuring advanced setup for {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} at scale

If you need to configure a highly customizable {% data variables.product.prodname_code_scanning %} setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can configure {% data variables.product.prodname_code_scanning %} at scale with advanced setup.

To configure advanced setup across multiple repositories, you can write a bulk configuration script. To successfully execute the script, {% data variables.product.prodname_actions %} must be enabled for the {% ifversion fpt %}organization{% elsif ghec or ghae %}organization or enterprise{% elsif ghes %}site{% endif %}.

{% ifversion code-scanning-without-workflow %} Alternatively, if you do not need granular control over the {% data variables.product.prodname_code_scanning %} configuration for many repositories in your organization, you can quickly and easily configure {% data variables.product.prodname_code_scanning %} at scale with default setup. For more information, see "AUTOTITLE." {% endif %}

Using a script to configure advanced setup

For repositories that are not eligible for default setup, you can use a bulk configuration script to configure advanced setup across multiple repositories.

  1. Identify a group of repositories that can be analyzed using the same {% data variables.product.prodname_code_scanning %} configuration. For example, all repositories that build Java artifacts using the production environment.
  2. Create and test a {% data variables.product.prodname_actions %} workflow to call the {% data variables.product.prodname_codeql %} action with the appropriate configuration. For more information, see {% ifversion code-scanning-without-workflow %}"AUTOTITLE."{% else %}"AUTOTITLE."{% endif %}
  3. Use one of the example scripts or create a custom script to add the workflow to each repository in the group.
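
The following custom script for step 3 is an added example, not one of the example scripts this page refers to. It uses the REST API's repository contents endpoint to commit one tested workflow to the default branch of each repository in the group, and it skips any repository that already has a workflow at that path. The function names, the `GITHUB_TOKEN` environment variable, the workflow path and the sample workflow are assumptions made for illustration.

```python
import base64, json, os, urllib.error, urllib.request

API = "https://api.github.com"
WORKFLOW_PATH = ".github/workflows/codeql.yml"  # assumed location for the workflow
# Constructed sample workflow; replace it with the workflow you tested in step 2.
SAMPLE_WORKFLOW = """\
name: CodeQL
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions: {security-events: write, contents: read}
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: java
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
"""

def github_send(method, url, body=None):
    """Send one REST call with the token in GITHUB_TOKEN; return the HTTP status."""
    req = urllib.request.Request(url, method=method,
        data=json.dumps(body).encode() if body else None,
        headers={"Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}",
                 "Accept": "application/vnd.github+json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def add_workflow(repos, workflow, send=github_send):
    """Add the workflow to each 'owner/name' repo; never overwrite an existing file."""
    results = {}
    for repo in repos:
        url = f"{API}/repos/{repo}/contents/{WORKFLOW_PATH}"
        status = send("GET", url)
        if status == 200:  # a workflow is already configured here, leave it alone
            results[repo] = "skipped: workflow exists"
        elif status == 404:  # no file yet: create it on the default branch
            body = {"message": "Add CodeQL code scanning workflow",
                    "content": base64.b64encode(workflow.encode()).decode()}
            created = send("PUT", url, body)
            results[repo] = "added" if created == 201 else f"failed: HTTP {created}"
        else:
            results[repo] = f"failed: HTTP {status}"
    return results
```

Review the returned per-repository results before treating the rollout as complete: a `failed` entry means that repository is still unscanned, for example because branch protection or the token's permissions rejected the commit.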