• Stars: 8
• Rank: 2,099,232 (Top 42 %)
• Language: Python
• License: MIT License
• Created: almost 2 years ago
• Updated: 4 months ago

Repository Details

Automatically set the CodeQL matrix job using the languages in your repository.

More Repositories

1. gh-sbom (Go, 164 stars): Generate SBOMs with gh CLI
2. secret-scanning-custom-patterns (HTML, 136 stars): Examples of Custom Secret Scanning Patterns
3. codeql-queries (CodeQL, 80 stars): [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead
4. policy-as-code (Python, 69 stars): GitHub Advanced Security Policy as Code
5. advanced-security-material (Shell, 67 stars)
6. maven-dependency-submission-action (TypeScript, 46 stars): GitHub Action for submitting Maven dependencies
7. GSSAR (TypeScript, 40 stars): GitHub Secret Scanning Auto Remediator (GSSAR)
8. codeql-extractor-iac (CodeQL, 38 stars): CodeQL Extractor, Library, and Queries for Infrastructure as Code
9. ghas-reviewer-app (Python, 32 stars): GitHub Advanced Security Pull Request Security Team required review GitHub App
10. ghas-to-csv (Python, 30 stars): Play with GHAS API to provide posture data over time
11. custom-codeql-bundle (CodeQL, 25 stars): An example repository that demonstrates how to build custom CodeQL bundles that include query customizations through the `Customizations.qll` library
12. gh-code-scanning (Python, 24 stars): A GitHub CLI extension for GitHub Code-Scanning!
13. codeql-bundle-action (Shell, 21 stars): Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations
14. filter-sarif (Java, 21 stars): GitHub Action for filtering Code Scanning alerts by path and id
15. gh-codeql-scan (Shell, 16 stars): GH CLI CodeQL Scan Extension
16. enterprise-security-team (Python, 16 stars): Manage a uniform team of security managers for every organization in your enterprise
17. probot-security-alerts (TypeScript, 16 stars): Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts
18. awesome-codeql (15 stars): A curated list of awesome CodeQL resources.
19. generate-sbom-action (TypeScript, 15 stars): An Action to wrap creating an SBOM via REST API
20. sample-codeql-pipeline-config (15 stars): Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning
21. sbom-generator-action (JavaScript, 13 stars)
22. codeql-workshops-staging (CodeQL, 12 stars): Original workshops and staging area for new ones
23. demo-csharp (C#, 12 stars): GitHub Advanced Security C# Demo Application
24. spdx-dependency-submission-action (JavaScript, 11 stars)
25. mrva-code-search (Shell, 10 stars): Use code search to populate an MRVA repo list in VSCode
26. secret-scanning-review-action (PowerShell, 10 stars): Action to detect if a secret is initially detected in a PR commit
27. ghas-license-utilization (Python, 10 stars): Optimize the utilization of GHAS licenses in an enterprise (or organization)
28. ghas-bootcamp (Java, 9 stars)
29. dismiss-alerts (Java, 9 stars)
30. demo-python (Python, 9 stars): GitHub Advanced Security Python Demo Application
31. grab_ql (Python, 9 stars): Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension
32. component-detection-dependency-submission-action (TypeScript, 8 stars)
33. SARIF-viewer (Kotlin, 8 stars): JetBrains IDE plugin for displaying SARIF from GHAS or from a local file
34. demo-java (Java, 8 stars): GitHub Advanced Security scanning tutorial repository for Java
35. ghas-workshop (Java, 7 stars)
36. monorepo-filtering-workaround (Java, 7 stars): A monorepo filtering workaround for GitHub Advanced Security Code Scanning using renaming of the scanning tool in an Actions workflow
37. codeql-summarize (Python, 6 stars): CodeQL Summary Generator
38. awesome-secret-scanning (6 stars): A curated list of awesome GitHub Advanced Security secret scanning resources.
39. cbom-action (Python, 6 stars): Create a Crypto Bill of Materials using CodeQL
40. codeql-development-toolkit (C#, 6 stars): The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier.
41. codeql-sarif-security-standard-annotator (TypeScript, 6 stars): Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard
42. ghe-cross-instance-committers (TypeScript, 6 stars): A script which will return the total number of unique de-duplicated active committers across multiple GHES instances
43. tag-sarif (Python, 5 stars): [deprecated] Tag SARIF to allow filtering by that tag in GitHub Advanced Security Code Scanning
44. spotbugs-findsecbugs-action (5 stars): Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning
45. dart-analyzer-sarif (Python, 5 stars): Convert `dart analyze` CLI output into SARIF
46. codeql-bundle (Python, 5 stars): CLI to build a custom CodeQL bundle
47. cocoapods-dependency-submission-action (Python, 5 stars): CocoaPods Lockfile Dependency Submission Action
48. github-app-auth (Go, 5 stars): Utility to generate tokens to interact with the GitHub API via GitHub App integration
49. codeql-docker (Shell, 5 stars): CodeQL Docker image
50. teams-secret-scanning-notifier-azure-function (TypeScript, 5 stars): Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
51. sarif-toolkit (Python, 4 stars): All things SARIF, as an Action
52. codeql-coding-standards-bundle-releases (4 stars): CodeQL bundles containing the CodeQL Coding Standards queries
53. gh-add-files (Go, 4 stars): A GitHub CLI Extension that allows you to add files to your GitHub repositories directly from the command line
54. workshop-2021-learning-journey (TypeScript, 4 stars): Introduction and Workshop to GitHub Advanced Security for Learning Journey (May 2021)
55. dependabot-kev-action (PowerShell, 4 stars): Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow.
56. brew-dependency-submission-action (Python, 3 stars): Brew Lockfile Dependency Submission Action
57. demo-golang (Go, 3 stars)
58. remap-sarif (Python, 3 stars): Remap a SARIF file with sourcemaps
59. slack-secret-scanning-notifier-azure-function (TypeScript, 2 stars): Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
60. ghas-bootcamp-solutions (Java, 2 stars)
61. codeql-basics (2 stars): An operational (runnable) demonstration of CodeQL basics
62. adjust-cvss (Java, 2 stars)
63. secret-scanning-tools (Python, 2 stars): Testing Suite for GitHub Secret Scanning Custom Patterns
64. aws-github-boilerplate (TypeScript, 2 stars): A boilerplate for an application reacting to webhooks from GitHub, deployed to AWS.
65. ghas-mttr (Python, 1 star): GitHub Advanced Security Mean Time to Remediate (MTTR)
66. demo-catalog (1 star): Demonstration Catalog for different Languages and Technologies
67. poc-resources (1 star)
68. delombok (Python, 1 star): Delombok Java Code for analysis with Code Scanning
69. crypto-bill-of-materials-data (TypeScript, 1 star): Generate a Crypto Bill of Materials using CodeQL
70. security-researcher-workshop (CodeQL, 1 star)
71. flake8-sarif-formatter (Python, 1 star): Format Flake8 results as SARIF for input to SAST tools such as GitHub Code Scanning
72. dependabot-epss-action (PowerShell, 1 star): Action to detect if any open Dependabot alert CVEs exceed an EPSS threshold and fail the workflow.