← 返回首页

Reference for code scanning - GitHub Docs

Version: Free, Pro, & Team

Getting started
- GitHub security features
- Secure repository quickstart
Concepts
How-tos
- Secure at scale
  - Configure enterprise security
    - Configure specific tools
      - Allow Code Quality
      - Configure VNET
  - Configure organization security
    - Establish complete coverage
    - Manage your coverage
    - Configure specific tools
    - Manage usage and access
      - Give access to private registries
      - Manage paid GHAS use
- Secure your secrets
  - Detect secret leaks
  - Customize leak detection
  - Prevent future leaks
    - Enable push protection
    - Manage user push protection
  - Work with leak prevention
    - Push protection on the command line
    - Push protection in the GitHub UI
  - Manage bypass requests
- Find and fix code vulnerabilities
  - Configure code scanning
    - Configure code scanning
    - Configure advanced setup
  - Manage your configuration
  - Scan from the command line
  - Scan from VS Code
  - Integrate with existing tools
    - Use with existing CI system
    - Upload a SARIF file
- Secure your supply chain
- Manage security alerts
  - Remediate at scale
  - Secret scanning alerts
  - Code scanning alerts
  - Dependabot alerts
- Maintain quality code
- Report and fix vulnerabilities
  - Configure vulnerability reporting
    - Add a security policy
    - Configure for a repository
  - Report privately
  - Fix vulnerabilities
- Advanced Security with AI agents
  - Scan for secrets with MCP
- View and interpret data
Reference
Tutorials
- Secret protection
- Trial GitHub Advanced Security
- Secure your organization
- Remediate leaked secrets
- Partner program
- Customize code scanning
- Secure your dependencies
- Implement supply chain best practices
- Manage security alerts
  - Prioritize Dependabot alerts using metrics
  - Participate in campaigns
- Improve code quality
- Fix reported vulnerabilities
  - Collaborate in a fork
  - Write security advisories
Responsible use

Reference for code scanning

Find information to apply to your work with code scanning.

Workflow configuration options for code scanning

Edit your workflow file to configure how advanced setup scans the code in your project for vulnerabilities and errors.

Reference for SARIF files for code scanning

Learn about and troubleshoot SARIF support for code scanning.

Reference for code scanning with CodeQL

Find information to apply to your work with CodeQL code scanning.

Troubleshooting code scanning analysis errors

Identify and resolve errors that occur during code analysis, including build failures, incomplete scans, resource limits, and unexpected results.

Code scanning logs

You can view the output generated during code scanning analysis in GitHub.

Help and support

Did you find what you needed?

Yes No

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Learn how to contribute

Still need help?

Ask the GitHub community

Contact support

Legal