Discover advanced-security/set-codeql-language-matrix Open Source

GitHub Advanced Security Policy as Code

policy-as-code

advanced-security-material

GitHub Action for submitting Maven dependencies

maven-dependency-submission-action

GitHub Secret Scanning Auto Remediator (GSSAR)

GSSAR

CodeQL Extractor, Library, and Queries for Infrastructure as Code

codeql-extractor-iac

GitHub Advanced Security Pull Request Security Team required review GitHub App

ghas-reviewer-app

Play with GHAS API to provide posture data over time

ghas-to-csv

An example repository that demonstrates how the build custom CodeQL bundles that include query customizations through the `Customizations.qll` library

custom-codeql-bundle

A GitHub CLI extension for GitHub Code-Scanning!

gh-code-scanning

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations

codeql-bundle-action

GitHub Action for filtering Code Scanning alerts by path and id

filter-sarif

GH CLI CodeQL Scan Extension

gh-codeql-scan

Manage a uniform team of security managers for every organization in your enterprise

enterprise-security-team

Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts

probot-security-alerts

A curated list of awesome CodeQL resources.

awesome-codeql

generate-sbom-action

An Action to wrap creating an SBOM via REST API

Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning

sample-codeql-pipeline-config

sbom-generator-action

JavaScript

codeql-workshops-staging

Original workshops and staging area for new ones

GitHub Advanced Security C# Demo Application

demo-csharp

spdx-dependency-submission-action

JavaScript

mrva-code-search

Use code search to populate an MRVA repo list in VSCode

Action to detect if a secret is initially detected in a PR commit

secret-scanning-review-action

PowerShell

ghas-license-utilization

Optimize the utilization of GHAS licenses in an enterprise (or organization)

ghas-bootcamp

dismiss-alerts

GitHub Advanced Security Python Demo Application

demo-python

Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension

grab_ql

component-detection-dependency-submission-action

JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

SARIF-viewer

Kotlin

demo-java

GitHub Advanced Security scanning tutorial repository for Java

ghas-workshop

A monorepo filtering workaround for GitHub Advanced Security Code Scanning using renaming of the scanning tool in an Actions workflow

monorepo-filtering-workaround

codeql-summarize

CodeQL Summary Generator

A curated list of awesome GitHub Advanced Security secret scanning resources.

awesome-secret-scanning

cbom-action

Create a Crypto Bill of Materials using CodeQL

The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier.

codeql-development-toolkit

codeql-sarif-security-standard-annotator

Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard

A script which will return the total number of unique de-deuped active committers across multiple GHES instances

ghe-cross-instance-committers

[deprecated] Tag SARIF to allow filtering by that tag in GitHub Advanced Security Code Scanning

tag-sarif

Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning

spotbugs-findsecbugs-action

dart-analyzer-sarif

Convert `dart analyze` CLI output into SARIF

CLI to build a custom CodeQL bundle

codeql-bundle

CocoaPods Lockfile Dependency Submission Action

cocoapods-dependency-submission-action

Utility to generate tokens to interact with the GitHub API via GitHub App integration

github-app-auth

codeql-docker

CodeQL Docker image

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

teams-secret-scanning-notifier-azure-function

All things SARIF, as an Action

sarif-toolkit

CodeQL bundles containing the CodeQL Coding Standards queries

codeql-coding-standards-bundle-releases

gh-add-files

A GitHub CLI Extension that allows you to add files to your GitHub repositories directly from the command line

workshop-2021-learning-journey

Introduction and Workshop to GitHub Advance Security for Learning Journey (May 2021)

Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow.

dependabot-kev-action

PowerShell

brew-dependency-submission-action

Brew Lockfile Dependency Submission Action

Remap a SARIF file with sourcemaps

demo-golang

remap-sarif

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

slack-secret-scanning-notifier-azure-function

ghas-bootcamp-solutions

An operational (runnable) demonstration of codeql basics

codeql-basics

adjust-cvss

Testing Suite for GitHub Secret Scanning Custom Patterns

secret-scanning-tools

A boilerplate for an application reacting to webhooks from GitHub, deployed to AWS.

aws-github-boilerplate

GitHub Advanced Security Mean Time to Remediate (MTTR)

ghas-mttr

Demonstration Catalog for different Languages and Technologies

demo-catalog

poc-resources

delombok

Delombok Java Code for analysis with Code Scanning

Generate a Crypto Bill of Materials using CodeQL

crypto-bill-of-materials-data

security-researcher-workshop

Format Flake8 results as SARIF for input to SAST tools such as GitHub Code Scanning

flake8-sarif-formatter