Discover advanced-security/monorepo-filtering-workaround Open Source

GitHub Advanced Security Policy as Code

policy-as-code

advanced-security-material

GitHub Action for submitting Maven dependencies

maven-dependency-submission-action

GitHub Secret Scanning Auto Remediator (GSSAR)

GSSAR

CodeQL Extractor, Library, and Queries for Infrastructure as Code

codeql-extractor-iac

Play with GHAS API to provide posture data over time

ghas-to-csv

GitHub Advanced Security Pull Request Security Team required review GitHub App

ghas-reviewer-app

An example repository that demonstrates how the build custom CodeQL bundles that include query customizations through the `Customizations.qll` library

custom-codeql-bundle

A GitHub CLI extension for GitHub Code-Scanning!

gh-code-scanning

GitHub Action for filtering Code Scanning alerts by path and id

filter-sarif

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations

codeql-bundle-action

GH CLI CodeQL Scan Extension

gh-codeql-scan

Manage a uniform team of security managers for every organization in your enterprise

enterprise-security-team

Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts

probot-security-alerts

A curated list of awesome CodeQL resources.

awesome-codeql

generate-sbom-action

An Action to wrap creating an SBOM via REST API

Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning

sbom-generator-action

JavaScript

sample-codeql-pipeline-config

demo-csharp

GitHub Advanced Security C# Demo Application

codeql-workshops-staging

Original workshops and staging area for new ones

Use code search to populate an MRVA repo list in VSCode

spdx-dependency-submission-action

JavaScript

mrva-code-search

Action to detect if a secret is initially detected in a PR commit

secret-scanning-review-action

PowerShell

ghas-license-utilization

Optimize the utilization of GHAS licenses in an enterprise (or organization)

ghas-bootcamp

dismiss-alerts

GitHub Advanced Security Python Demo Application

demo-python

Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension

grab_ql

component-detection-dependency-submission-action

Automatically set the CodeQL matrix job using the languages in your repository.

set-codeql-language-matrix

JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

SARIF-viewer

Kotlin

demo-java

GitHub Advanced Security scanning tutorial repository for Java

ghas-workshop

codeql-summarize

CodeQL Summary Generator

A curated list of awesome GitHub Advanced Security secret scanning resources.

awesome-secret-scanning

cbom-action

Create a Crypto Bill of Materials using CodeQL

The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier.

codeql-development-toolkit

codeql-sarif-security-standard-annotator

Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard

A script which will return the total number of unique de-deuped active committers across multiple GHES instances

ghe-cross-instance-committers

[deprecated] Tag SARIF to allow filtering by that tag in GitHub Advanced Security Code Scanning

tag-sarif

Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning

spotbugs-findsecbugs-action

dart-analyzer-sarif

Convert `dart analyze` CLI output into SARIF

CLI to build a custom CodeQL bundle

codeql-bundle

Utility to generate tokens to interact with the GitHub API via GitHub App integration

github-app-auth

codeql-docker

CodeQL Docker image

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

teams-secret-scanning-notifier-azure-function

All things SARIF, as an Action

sarif-toolkit

CodeQL bundles containing the CodeQL Coding Standards queries

codeql-coding-standards-bundle-releases

gh-add-files

A GitHub CLI Extension that allows you to add files to your GitHub repositories directly from the command line

cocoapods-dependency-submission-action

CocoaPods Lockfile Dependency Submission Action

Introduction and Workshop to GitHub Advance Security for Learning Journey (May 2021)

workshop-2021-learning-journey

Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow.

dependabot-kev-action

PowerShell

brew-dependency-submission-action

Brew Lockfile Dependency Submission Action

Remap a SARIF file with sourcemaps

demo-golang

remap-sarif

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

slack-secret-scanning-notifier-azure-function

ghas-bootcamp-solutions

An operational (runnable) demonstration of codeql basics

codeql-basics

adjust-cvss

A boilerplate for an application reacting to webhooks from GitHub, deployed to AWS.

aws-github-boilerplate

GitHub Advanced Security Mean Time to Remediate (MTTR)

ghas-mttr

Demonstration Catalog for different Languages and Technologies

demo-catalog

poc-resources

delombok

Delombok Java Code for analysis with Code Scanning

Generate a Crypto Bill of Materials using CodeQL

crypto-bill-of-materials-data

security-researcher-workshop

Format Flake8 results as SARIF for input to SAST tools such as GitHub Code Scanning

flake8-sarif-formatter

Testing Suite for GitHub Secret Scanning Custom Patterns

secret-scanning-tools