Repositories list

• codeql-sap-js

  Public
  CodeQL models for SAP JavaScript frameworks CAP, UI5 and XSJS

  CodeQL

  •

  MIT License

  •1•5•4•6•Updated Feb 18, 2025Feb 18, 2025

• reusable-workflows

  Public
  Advanced Security Reusable GitHub Actions Workflows

  MIT License

  •2•2•4•2•Updated Feb 18, 2025Feb 18, 2025

• component-detection-dependency-submission-action

  Public
  TypeScript

  •

  MIT License

  •6•16•6•6•Updated Feb 17, 2025Feb 17, 2025

• codeql-extractor-iac

  Public
  CodeQL Extractor, Library, and Queries for Infrastructure as Code

  CodeQL

  •

  MIT License

  •6•46•16•3•Updated Feb 17, 2025Feb 17, 2025

• codeql-summarize

  Public
  CodeQL Summary Generator

  Python

  •

  MIT License

  •2•7•2•1•Updated Feb 17, 2025Feb 17, 2025

• policy-as-code

  Public
  GitHub Advanced Security Policy as Code

  Python

  •

  MIT License

  •17•79•12•3•Updated Feb 17, 2025Feb 17, 2025

• monorepo-code-scanning-action

  Public
  Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define

  actionsmonoreposast+ 3codeqladvanced-securitycode-scanning-ready

  JavaScript

  •

  MIT License

  •0•6•2•1•Updated Feb 14, 2025Feb 14, 2025

• sample-javascript-monorepo

  Public
  TypeScript

  •

  MIT License

  •0•0•0•2•Updated Feb 14, 2025Feb 14, 2025

• python-lint-code-scanning-action

  Public
  Lint and type check Python with your choice of popular linters, and upload results to GitHub Code Scanning

  Python

  •

  MIT License

  •3•0•3•0•Updated Feb 13, 2025Feb 13, 2025

• awesome-codeql

  Public
  A curated list of awesome CodeQL resources.

  awesomeawesome-list

  MIT License

  •2•32•0•0•Updated Feb 13, 2025Feb 13, 2025

• ghas-reviewer-app

  Public
  GitHub Advanced Security Pull Request Security Team required review GitHub App

  github-appadvanced-security

  Python

  •

  MIT License

  •10•35•5•2•Updated Feb 11, 2025Feb 11, 2025

• gh-ghas-audit

  Public
  GitHub CLI extension to audit GHAS and code scanning setup for one or more organizations and repositories.

  Go

  •

  MIT License

  •0•2•0•0•Updated Feb 11, 2025Feb 11, 2025

• sbom-generator-action

  Public archive
  JavaScript

  •

  MIT License

  •5•15•3•0•Updated Feb 7, 2025Feb 7, 2025

• cocoapods-dependency-submission-action

  Public
  CocoaPods Lockfile Dependency Submission Action

  Python

  •

  MIT License

  •3•5•2•0•Updated Feb 3, 2025Feb 3, 2025

• advanced-security-material

  Public
  code-scanningcodeqladvanced-security+ 2advanced-security-trainingsecurity

  Shell

  •24•70•0•2•Updated Jan 28, 2025Jan 28, 2025

• SARIF-viewer

  Public
  JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

  Kotlin

  •

  MIT License

  •2•9•3•2•Updated Jan 27, 2025Jan 27, 2025

• teams-secret-scanning-notifier-azure-function

  Public
  Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

  github-appsecurity-teamazure-function+ 3secret-scanninggithub-advanced-securitymicrosoft-teams-bot

  TypeScript

  •

  MIT License

  •1•5•1•1•Updated Jan 21, 2025Jan 21, 2025

• slack-secret-scanning-notifier-azure-function

  Public
  Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

  slack-botsecret-scanninggithub-advanced-security

  TypeScript

  •

  MIT License

  •2•2•3•1•Updated Jan 21, 2025Jan 21, 2025

• secret-scanning-review-action

  Public
  Action to detect if a secret is initially detected in a pull request

  Python

  •

  MIT License

  •3•15•6•2•Updated Jan 13, 2025Jan 13, 2025

• ghas-to-csv

  Public
  Play with GHAS API to provide posture data over time

  github-advanced-securitycsvgithub-actions

  Python

  •

  MIT License

  •16•34•3•0•Updated Jan 10, 2025Jan 10, 2025

• dismiss-alerts

  Public
  Java

  •

  MIT License

  •3•14•4•8•Updated Dec 9, 2024Dec 9, 2024

• gh-add-files

  Public
  A GitHub CLI Extension that allows you to add files to your GitHub repositories directly from the command line

  gh-extension

  Go

  •

  MIT License

  •1•4•0•1•Updated Nov 27, 2024Nov 27, 2024

• brew-dependency-submission-action

  Public
  Brew Lockfile Dependency Submission Action

  homebrewbrewactions

  Python

  •

  MIT License

  •4•3•1•3•Updated Nov 25, 2024Nov 25, 2024

• codeql-sarif-security-standard-annotator

  Public
  Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard

  TypeScript

  •

  MIT License

  •1•7•1•14•Updated Nov 21, 2024Nov 21, 2024

• spdx-dependency-submission-action

  Public
  JavaScript

  •

  MIT License

  •3•12•2•6•Updated Nov 18, 2024Nov 18, 2024

• qlsh

  Public
  qlsh - a CodeQL REPL/shell for running interactive queries against a CodeQL database

  Shell

  •

  MIT License

  •0•3•1•0•Updated Nov 14, 2024Nov 14, 2024

• remap-sarif

  Public
  Remap a SARIF file with sourcemaps

  Python

  •

  MIT License

  •5•5•3•0•Updated Nov 6, 2024Nov 6, 2024

• conan-dependency-submission

  Public
  Conan Dependency Submission to GitHub

  Python

  •

  MIT License

  •1•0•2•0•Updated Nov 6, 2024Nov 6, 2024

• probot-security-alerts

  Public
  Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts

  nodejsprobotsample+ 4securitytypescriptsecurity-alertsghas

  TypeScript

  •

  MIT License

  •12•22•8•8•Updated Nov 1, 2024Nov 1, 2024

• spotbugs-findsecbugs-action

  Public
  Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning

  MIT License

  •5•5•1•0•Updated Oct 18, 2024Oct 18, 2024