  • Stars: 21
  • Rank: 1,084,038 (Top 22 %)
  • Language: Shell
  • License: MIT License
  • Created over 2 years ago
  • Updated 7 months ago

Repository Details

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations

More Repositories

1. gh-sbom: Generate SBOMs with gh CLI (Go, 164 stars)
2. secret-scanning-custom-patterns: Examples of Custom Secret Scanning Patterns (HTML, 136 stars)
3. codeql-queries: [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead (CodeQL, 80 stars)
4. policy-as-code: GitHub Advanced Security Policy as Code (Python, 69 stars)
5. advanced-security-material (Shell, 67 stars)
6. maven-dependency-submission-action: GitHub Action for submitting Maven dependencies (TypeScript, 46 stars)
7. GSSAR: GitHub Secret Scanning Auto Remediator (GSSAR) (TypeScript, 40 stars)
8. codeql-extractor-iac: CodeQL Extractor, Library, and Queries for Infrastructure as Code (CodeQL, 38 stars)
9. ghas-reviewer-app: GitHub Advanced Security Pull Request Security Team required review GitHub App (Python, 32 stars)
10. ghas-to-csv: Play with GHAS API to provide posture data over time (Python, 30 stars)
11. custom-codeql-bundle: An example repository that demonstrates how to build custom CodeQL bundles that include query customizations through the `Customizations.qll` library (CodeQL, 25 stars)
12. gh-code-scanning: A GitHub CLI extension for GitHub Code-Scanning! (Python, 24 stars)
13. filter-sarif: GitHub Action for filtering Code Scanning alerts by path and id (Java, 21 stars)
14. gh-codeql-scan: GH CLI CodeQL Scan Extension (Shell, 16 stars)
15. enterprise-security-team: Manage a uniform team of security managers for every organization in your enterprise (Python, 16 stars)
16. probot-security-alerts: Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts (TypeScript, 16 stars)
17. awesome-codeql: A curated list of awesome CodeQL resources. (15 stars)
18. generate-sbom-action: An Action to wrap creating an SBOM via REST API (TypeScript, 15 stars)
19. sample-codeql-pipeline-config: Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning (15 stars)
20. sbom-generator-action (JavaScript, 13 stars)
21. codeql-workshops-staging: Original workshops and staging area for new ones (CodeQL, 12 stars)
22. demo-csharp: GitHub Advanced Security C# Demo Application (C#, 12 stars)
23. spdx-dependency-submission-action (JavaScript, 11 stars)
24. mrva-code-search: Use code search to populate an MRVA repo list in VSCode (Shell, 10 stars)
25. secret-scanning-review-action: Action to detect if a secret is initially detected in a PR commit (PowerShell, 10 stars)
26. ghas-license-utilization: Optimize the utilization of GHAS licenses in an enterprise (or organization) (Python, 10 stars)
27. ghas-bootcamp (Java, 9 stars)
28. dismiss-alerts (Java, 9 stars)
29. demo-python: GitHub Advanced Security Python Demo Application (Python, 9 stars)
30. grab_ql: Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension (Python, 9 stars)
31. component-detection-dependency-submission-action (TypeScript, 8 stars)
32. set-codeql-language-matrix: Automatically set the CodeQL matrix job using the languages in your repository. (Python, 8 stars)
33. SARIF-viewer: JetBrains IDE plugin for displaying SARIF from GHAS or from a local file (Kotlin, 8 stars)
34. demo-java: GitHub Advanced Security scanning tutorial repository for Java (Java, 8 stars)
35. ghas-workshop (Java, 7 stars)
36. monorepo-filtering-workaround: A monorepo filtering workaround for GitHub Advanced Security Code Scanning using renaming of the scanning tool in an Actions workflow (Java, 7 stars)
37. codeql-summarize: CodeQL Summary Generator (Python, 6 stars)
38. awesome-secret-scanning: A curated list of awesome GitHub Advanced Security secret scanning resources. (6 stars)
39. cbom-action: Create a Crypto Bill of Materials using CodeQL (Python, 6 stars)
40. codeql-development-toolkit: The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier. (C#, 6 stars)
41. codeql-sarif-security-standard-annotator: Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard (TypeScript, 6 stars)
42. ghe-cross-instance-committers: A script which will return the total number of unique de-duped active committers across multiple GHES instances (TypeScript, 6 stars)
43. tag-sarif: [deprecated] Tag SARIF to allow filtering by that tag in GitHub Advanced Security Code Scanning (Python, 5 stars)
44. spotbugs-findsecbugs-action: Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning (5 stars)
45. dart-analyzer-sarif: Convert `dart analyze` CLI output into SARIF (Python, 5 stars)
46. codeql-bundle: CLI to build a custom CodeQL bundle (Python, 5 stars)
47. cocoapods-dependency-submission-action: CocoaPods Lockfile Dependency Submission Action (Python, 5 stars)
48. github-app-auth: Utility to generate tokens to interact with the GitHub API via GitHub App integration (Go, 5 stars)
49. codeql-docker: CodeQL Docker image (Shell, 5 stars)
50. teams-secret-scanning-notifier-azure-function: Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function (TypeScript, 5 stars)
51. sarif-toolkit: All things SARIF, as an Action (Python, 4 stars)
52. codeql-coding-standards-bundle-releases: CodeQL bundles containing the CodeQL Coding Standards queries (4 stars)
53. gh-add-files: A GitHub CLI Extension that allows you to add files to your GitHub repositories directly from the command line (Go, 4 stars)
54. workshop-2021-learning-journey: Introduction and Workshop to GitHub Advanced Security for Learning Journey (May 2021) (TypeScript, 4 stars)
55. dependabot-kev-action: Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow. (PowerShell, 4 stars)
56. brew-dependency-submission-action: Brew Lockfile Dependency Submission Action (Python, 3 stars)
57. demo-golang (Go, 3 stars)
58. remap-sarif: Remap a SARIF file with sourcemaps (Python, 3 stars)
59. slack-secret-scanning-notifier-azure-function: Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function (TypeScript, 2 stars)
60. ghas-bootcamp-solutions (Java, 2 stars)
61. codeql-basics: An operational (runnable) demonstration of CodeQL basics (2 stars)
62. adjust-cvss (Java, 2 stars)
63. secret-scanning-tools: Testing Suite for GitHub Secret Scanning Custom Patterns (Python, 2 stars)
64. aws-github-boilerplate: A boilerplate for an application reacting to webhooks from GitHub, deployed to AWS. (TypeScript, 2 stars)
65. ghas-mttr: GitHub Advanced Security Mean Time to Remediate (MTTR) (Python, 1 star)
66. demo-catalog: Demonstration Catalog for different Languages and Technologies (1 star)
67. poc-resources (1 star)
68. delombok: Delombok Java Code for analysis with Code Scanning (Python, 1 star)
69. crypto-bill-of-materials-data: Generate a Crypto Bill of Materials using CodeQL (TypeScript, 1 star)
70. security-researcher-workshop (CodeQL, 1 star)
71. flake8-sarif-formatter: Format Flake8 results as SARIF for input to SAST tools such as GitHub Code Scanning (Python, 1 star)
72. dependabot-epss-action: Action to detect if any open Dependabot alert CVEs exceed an EPSS threshold and fail the workflow. (PowerShell, 1 star)