GitHub Advanced Security

All

88 repositories

monorepo-code-scanning-action
Public
Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define
actions monorepo sast codeql advanced-security code-scanning-ready
JavaScript
•
MIT License
•0•1•0•1•Updated Nov 14, 2024Nov 14, 2024
qlsh
Public
qlsh - a CodeQL REPL/shell for running interactive queries against a CodeQL database
Shell
•
MIT License
•0•1•1•0•Updated Nov 14, 2024Nov 14, 2024
ghas-reviewer-app
Public
GitHub Advanced Security Pull Request Security Team required review GitHub App
github-app advanced-security
Python
•
MIT License
•9•34•6•3•Updated Nov 14, 2024Nov 14, 2024
secret-scanning-review-action
Public
Action to detect if a secret is initially detected in a pull request
Python
•
MIT License
•3•12•5•1•Updated Nov 13, 2024Nov 13, 2024
codeql-summarize
Public
CodeQL Summary Generator
Python
•
MIT License
•2•6•2•2•Updated Nov 11, 2024Nov 11, 2024
codeql-extractor-iac
Public
CodeQL Extractor, Library, and Queries for Infrastructure as Code
CodeQL
•
MIT License
•5•39•16•2•Updated Nov 11, 2024Nov 11, 2024
policy-as-code
Public
GitHub Advanced Security Policy as Code
Python
•
MIT License
•15•72•12•2•Updated Nov 11, 2024Nov 11, 2024
remap-sarif
Public
Remap a SARIF file with sourcemaps
Python
•
MIT License
•5•3•3•0•Updated Nov 6, 2024Nov 6, 2024
conan-dependency-submission
Public
Conan Dependency Submission to GitHub
Python
•
MIT License
•1•0•2•0•Updated Nov 6, 2024Nov 6, 2024
ghas-to-csv
Public
Play with GHAS API to provide posture data over time
github-advanced-security csv github-actions
Python
•
MIT License
•16•32•4•1•Updated Nov 6, 2024Nov 6, 2024
codeql-sarif-security-standard-annotator
Public
Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard
TypeScript
•
MIT License
•1•7•1•14•Updated Nov 5, 2024Nov 5, 2024
component-detection-dependency-submission-action
Public
TypeScript
•
MIT License
•5•9•5•6•Updated Nov 4, 2024Nov 4, 2024
spdx-dependency-submission-action
Public
JavaScript
•
MIT License
•3•12•2•6•Updated Nov 4, 2024Nov 4, 2024
probot-security-alerts
Public
Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts
nodejs probot sample security typescript security-alerts ghas
TypeScript
•
MIT License
•9•20•8•8•Updated Nov 1, 2024Nov 1, 2024
python-lint-code-scanning-action
Public
Lint and type check Python with your choice of popular linters, and upload results to GitHub Code Scanning
Python
•
MIT License
•3•0•2•1•Updated Oct 31, 2024Oct 31, 2024
awesome-codeql
Public
A curated list of awesome CodeQL resources.
awesome awesome-list
MIT License
•2•20•0•0•Updated Oct 30, 2024Oct 30, 2024
spotbugs-findsecbugs-action
Public
Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning
MIT License
•5•5•1•0•Updated Oct 18, 2024Oct 18, 2024
set-codeql-language-matrix
Public
Automatically set the CodeQL matrix job using the languages in your repository.
codeql
Python
•
MIT License
•7•11•1•0•Updated Oct 17, 2024Oct 17, 2024
filter-sarif
Public
GitHub Action for filtering Code Scanning alerts by path and id
sarif code-scanning github-advanced-security
Java
•
Apache License 2.0
•8•22•2•1•Updated Oct 16, 2024Oct 16, 2024
slack-secret-scanning-notifier-azure-function
Public
Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
slack-bot secret-scanning github-advanced-security
TypeScript
•
MIT License
•2•2•3•0•Updated Oct 16, 2024Oct 16, 2024
teams-secret-scanning-notifier-azure-function
Public
Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
github-app security-team azure-function secret-scanning github-advanced-security microsoft-teams-bot
TypeScript
•
MIT License
•1•5•1•0•Updated Oct 16, 2024Oct 16, 2024
demo-java
Public
GitHub Advanced Security scanning tutorial repository for Java
demo example advanced-security security static-analysis devsecops
Java
•
MIT License
•260•8•0•2•Updated Oct 15, 2024Oct 15, 2024
codeql-workshops-staging
Public
Original workshops and staging area for new ones
CodeQL
•
MIT License
•7•12•2•1•Updated Oct 15, 2024Oct 15, 2024
SARIF-viewer
Public
JetBrains IDE plugin for displaying SARIF from GHAS or from a local file
Kotlin
•
MIT License
•2•8•3•3•Updated Oct 14, 2024Oct 14, 2024
cocoapods-dependency-submission-action
Public
CocoaPods Lockfile Dependency Submission Action
Python
•
MIT License
•3•5•2•0•Updated Oct 14, 2024Oct 14, 2024
brew-dependency-submission-action
Public
Brew Lockfile Dependency Submission Action
homebrew brew actions
Python
•
MIT License
•4•3•1•3•Updated Oct 14, 2024Oct 14, 2024
codeql_container_example
Public
This repository serves as an exemplary resource demonstrating how to set up CodeQL to scan containerized applications for vulnerabilities. Its primary objective is to showcase the implementation of CodeQL in the code scanning process.
containers codeql codescanning
TypeScript
•
MIT License
•1•0•0•0•Updated Oct 11, 2024Oct 11, 2024
gh-codeql-scan
Public
GH CLI CodeQL Scan Extension
codeql ghas gh-extension
Shell
•
MIT License
•5•18•1•0•Updated Oct 10, 2024Oct 10, 2024
advanced-security-material
Public
code-scanning codeql advanced-security advanced-security-training security
Shell
•23•67•1•1•Updated Oct 2, 2024Oct 2, 2024
sample-codeql-pipeline-config
Public
Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning
MIT License
•6•15•0•1•Updated Sep 27, 2024Sep 27, 2024