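Note: The tracking of code scanning alerts in issues is currently in beta and subject to change.
This feature supports running analysis natively using GitHub Actions or externally using existing CI/CD infrastructure, as well as third-party code scanning tools, but not third-party tracking tools.
Code scanning alerts integrate with task lists in GitHub Issues to make it easy for you to prioritize and track alerts with all your development work. For more information about issues, see "About issues."
To track a code scanning alert in an issue, add the URL for the alert as a task list item in the issue. For more information about task lists, see "About task lists."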
You can also create a new issue to track an alert:
- From a code scanning alert, which automatically adds the code scanning alert to a task list in the new issue. For more information, see "Creating a tracking issue from a code scanning alert" below.
- Via the API as you normally would, and then provide the code scanning link within the body of the issue. You must use the task list syntax to create the tracked relationship: `- [ ] <full-URL-to-the-code-scanning-alert>`
- For example, if you add `- [ ] https://github.com/octocat-org/octocat-repo/security/code-scanning/17` to an issue, the issue will track the code scanning alert that has an ID number of 17 in the "Security" tab of the `octocat-repo` repository in the
You can use more than one issue to track the same code scanning alert, and issues can belong to different repositories from the repository where the code scanning alert was found.
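The API route described above, as an added example that is not GitHub's own code: it validates each alert URL, writes the task list syntax, and builds (without sending) the `POST /repos/{owner}/{repo}/issues` request. The function names, the `security-tracker` repository, the issue title and the token placeholder are assumptions; the tracking issue is placed in a different repository from the alert, which the page allows.

```python
import json
import re
import urllib.request

# Alert URL shape shown on this page: https://github.com/<owner>/<repo>/security/code-scanning/<id>
ALERT_URL = re.compile(r"https://github\.com/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+/security/code-scanning/[1-9][0-9]*")


def tracking_body(alert_urls, note=""):
    """Return an issue body with one unchecked task list item per alert URL."""
    items = []
    for url in alert_urls:
        url = url.strip()
        # Only a full alert URL creates the tracked relationship, so reject
        # anything else (relative paths, trailing text, other hosts).
        if not ALERT_URL.fullmatch(url):
            raise ValueError(f"not a code scanning alert URL: {url!r}")
        if f"- [ ] {url}" not in items:  # skip duplicates
            items.append(f"- [ ] {url}")
    if not items:
        raise ValueError("at least one alert URL is required")
    body = "\n".join(items)
    return f"{note.strip()}\n\n{body}" if note.strip() else body


def build_issue_request(owner, repo, title, alert_urls, token, note=""):
    """Build (without sending) the REST call that creates the tracking issue."""
    payload = {"title": title, "body": tracking_body(alert_urls, note)}
    return urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/issues",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Accept": "application/vnd.github+json", "Authorization": f"Bearer {token}"},
    )


if __name__ == "__main__":
    # Constructed sample: the alert URL is the page's example; the tracker
    # repository, title and token are placeholders.
    req = build_issue_request(
        "octocat-org", "security-tracker", "Triage code scanning finding",
        ["https://github.com/octocat-org/octocat-repo/security/code-scanning/17"],
        token="<TOKEN>",
    )
    print(req.get_method(), req.full_url)
    print(json.loads(req.data)["body"])
```

Pass the returned request to `urllib.request.urlopen` with a real token to create the issue; the neutral title keeps alert details out of the issue title.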
GitHub provides visual cues in different locations of the user interface to indicate when you are tracking code scanning alerts in issues.
The code scanning alerts list page will show which alerts are tracked in issues so that you can view at a glance which alerts still require processing.
A "tracked in" section will also show in the corresponding alert page.
On the tracking issue, GitHub displays a security badge icon in the task list and on the hovercard.
Only users with write permissions to the repository will see the unfurled URL to the alert in the issue, as well as the hovercard. For users with read permissions to the repository, or no permissions at all, the alert will appear as a plain URL.
The color of the icon is grey because an alert has a status of "open" or "closed" on every branch. The issue tracks an alert, so the alert cannot have a single open/closed state in the issue. If the alert is closed on one branch, the icon color will not change.
The status of the tracked alert won't change if you change the checkbox state of the corresponding task list item (checked/unchecked) in the issue.
On GitHub.com, navigate to the main page of the repository.
Under "Code scanning", click the alert you'd like to explore.
Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. For more information, see "Managing code scanning alerts for your repository."
Towards the top of the page, on the right side, click Create issue.
GitHub automatically creates an issue to track the alert and adds the alert as a task list item. GitHub prepopulates the issue:
- The title contains the name of the code scanning alert.
- The body contains the task list item with the full URL to the code scanning alert.
Optionally, edit the title and the body of the issue.
Warning: You may want to edit the title of the issue as it may expose security information. You can also edit the body of the issue, but do not edit the task list item or the issue will no longer track the alert.
Click Submit new issue.