
This version of GitHub Enterprise was discontinued on 2022-06-03. No patches will be released, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with upgrading, contact GitHub Enterprise Support.

About code scanning

You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.

Code scanning is available for organization-owned repositories where GitHub Advanced Security is enabled. For more information, see "About GitHub Advanced Security."

Note: Your site administrator must enable code scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring code scanning for your appliance."

About code scanning

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub Enterprise Server.

You can use code scanning to find, triage, and prioritize fixes for existing problems in your code. Code scanning can also prevent developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.

If code scanning finds a potential vulnerability or error in your code, GitHub displays an alert in the repository. After you fix the code that triggered the alert, GitHub closes the alert. For more information, see "Managing code scanning alerts for your repository."

To monitor results from code scanning across your repositories or your organization, you can use webhooks and the code scanning API. For information about the webhooks for code scanning, see "Webhook events and payloads." For information about API endpoints, see "Code scanning."
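As an added example (not code from the original page or from GitHub), the following receiver consumes code scanning alert webhook deliveries. It first verifies the `X-Hub-Signature-256` header that GitHub attaches to every delivery (an HMAC-SHA256 over the raw body, keyed with the webhook secret), because an unauthenticated endpoint would let anyone inject or suppress alerts in whatever system you feed from it. It then routes the alert by its `action` and rule severity. The secret, the sample payload, and the triage rules are constructed for this example; the `action`, `alert.number`, `alert.rule.severity`, and `alert.html_url` fields are assumed to follow the shape of the `code_scanning_alert` event payload and should be checked against "Webhook events and payloads" for your version.

```python
"""Verify and triage GitHub code_scanning_alert webhook deliveries (example, not GitHub code)."""
import hashlib
import hmac
import json
from typing import Optional

# Constructed for this example: the secret configured on the webhook in the repository settings.
WEBHOOK_SECRET = b"example-webhook-secret"


def expected_signature(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends for `body`: 'sha256=' + hex(HMAC-SHA256(secret, body))."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, signature_header: Optional[str]) -> bool:
    """True only if the header matches the HMAC of the exact raw body.

    hmac.compare_digest is used so a forged header cannot be brute-forced
    byte-by-byte via response timing.
    """
    if not signature_header:
        return False
    return hmac.compare_digest(expected_signature(secret, body), signature_header)


def triage(payload: dict) -> str:
    """Map an alert event to a (constructed) triage decision."""
    action = payload.get("action")
    alert = payload.get("alert", {})
    severity = alert.get("rule", {}).get("severity", "warning")  # assumed field path
    if action in ("created", "reopened"):
        return "page-oncall" if severity == "error" else "open-ticket"
    if action == "fixed":          # GitHub closed the alert because the code was fixed
        return "close-ticket"
    if action == "closed_by_user":  # a human dismissed it: worth a second look
        return "audit-dismissal"
    return "ignore"


def handle_delivery(headers: dict, body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Entry point for one HTTP delivery: authenticate first, then dispatch on event type."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return "rejected: bad signature"
    if headers.get("X-GitHub-Event") != "code_scanning_alert":
        return "ignore"
    return triage(json.loads(body))


# Constructed sample delivery: a newly created alert for an error-severity rule.
SAMPLE_PAYLOAD = {
    "action": "created",
    "alert": {
        "number": 7,
        "state": "open",
        "html_url": "https://github.example.com/acme/app/security/code-scanning/7",
        "rule": {"id": "py/sql-injection", "severity": "error",
                 "description": "SQL query built from user-controlled sources"},
        "tool": {"name": "CodeQL", "version": None},
    },
    "ref": "refs/heads/main",
    "repository": {"full_name": "acme/app"},
}
SAMPLE_BODY = json.dumps(SAMPLE_PAYLOAD).encode()
SAMPLE_HEADERS = {
    "X-GitHub-Event": "code_scanning_alert",
    "X-Hub-Signature-256": expected_signature(WEBHOOK_SECRET, SAMPLE_BODY),
}

if __name__ == "__main__":
    print(handle_delivery(SAMPLE_HEADERS, SAMPLE_BODY))
```

The signature must be computed over the raw request bytes exactly as received; re-serializing the parsed JSON before hashing is a common mistake that makes valid deliveries fail verification.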

To get started with code scanning, see "Setting up code scanning for a repository."

About tools for code scanning

You can set up code scanning to use the CodeQL product maintained by GitHub or a third-party code scanning tool.

About CodeQL analysis

CodeQL is the code analysis engine developed by GitHub to automate security checks. You can analyze your code using CodeQL and display the results as code scanning alerts. For more information about CodeQL, see "About code scanning with CodeQL."

About third-party code scanning tools

Code scanning is interoperable with third-party code scanning tools that output Static Analysis Results Interchange Format (SARIF) data. SARIF is an open standard. For more information, see "SARIF output for code scanning."

You can run third-party analysis tools within GitHub Enterprise Server using actions or within an external CI system. For more information, see "Setting up code scanning for a repository" or "Uploading a SARIF file to GitHub."
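As an added example (not code from the original page or from any real analyzer), the following script summarizes a SARIF 2.1.0 file from a third-party tool before it is uploaded as code scanning results. It resolves each result's level (falling back to the rule's `defaultConfiguration` and then to the SARIF default of `warning`), counts results by rule and level, and flags results missing the fields an alert needs: a `ruleId`, a `message.text`, and a physical location whose `artifactLocation.uri` is a repository-relative path rather than an absolute one, since alerts are mapped to files by path within the repository. The SARIF document embedded below is constructed for the example.

```python
"""Summarize and sanity-check a SARIF 2.1.0 document before uploading it (example, not GitHub code)."""
import json
from collections import Counter

# Constructed sample: one run from a hypothetical analyzer with three results.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {
            "name": "ExampleScanner", "version": "1.0",
            "rules": [
                {"id": "EX001", "shortDescription": {"text": "SQL built from untrusted input"},
                 "defaultConfiguration": {"level": "error"}},
                {"id": "EX002", "shortDescription": {"text": "Unused variable"},
                 "defaultConfiguration": {"level": "note"}},
            ]}},
        "results": [
            {"ruleId": "EX001", "level": "error",
             "message": {"text": "Query string concatenated with request parameter."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX001",  # no explicit level: inherits the rule default (error)
             "message": {"text": "Query string concatenated with header value."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api.py"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "EX002", "level": "note",
             "message": {"text": "Variable 'tmp' is never read."},
             # Absolute path: cannot be mapped to a file in the repository.
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "/abs/path/util.py"},
                                                 "region": {"startLine": 3}}}]},
        ],
    }],
})


def load_sarif(text: str) -> dict:
    """Parse and reject documents that are not SARIF 2.1.0 or carry no runs."""
    doc = json.loads(text)
    if doc.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % doc.get("version"))
    if not isinstance(doc.get("runs"), list) or not doc["runs"]:
        raise ValueError("SARIF document has no runs")
    return doc


def rule_index(run: dict) -> dict:
    """Map rule id -> rule object from the run's tool driver."""
    driver = run.get("tool", {}).get("driver", {})
    return {r["id"]: r for r in driver.get("rules", []) if "id" in r}


def result_level(result: dict, rules: dict) -> str:
    """Explicit result level, else the rule's default, else SARIF's default 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def result_problems(result: dict) -> list:
    """Fields a result must have to surface as a useful code scanning alert."""
    problems = []
    if not result.get("ruleId"):
        problems.append("missing ruleId")
    if not result.get("message", {}).get("text"):
        problems.append("missing message.text")
    locations = result.get("locations") or []
    if not locations:
        problems.append("no locations")
    for loc in locations:
        uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
        if not uri:
            problems.append("location without artifactLocation.uri")
        elif uri.startswith("/") or "://" in uri:
            problems.append("absolute uri %r; expected a repository-relative path" % uri)
    return problems


def summarize(text: str) -> dict:
    """Counts by level and rule, plus a list of results that would not map cleanly to alerts."""
    doc = load_sarif(text)
    by_level, by_rule, problems, tools = Counter(), Counter(), [], []
    for run in doc["runs"]:
        rules = rule_index(run)
        tools.append(run.get("tool", {}).get("driver", {}).get("name", "<unnamed>"))
        for i, result in enumerate(run.get("results", [])):
            rid = result.get("ruleId", "<no ruleId>")
            by_rule[rid] += 1
            by_level[result_level(result, rules)] += 1
            problems.extend("result %d (%s): %s" % (i, rid, p) for p in result_problems(result))
    return {"tools": tools, "by_level": dict(by_level), "by_rule": dict(by_rule), "problems": problems}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_SARIF), indent=2))
```

Running this against a tool's real output before the upload step catches the common failure of a scanner emitting absolute paths from the CI workspace, which shows up on GitHub as alerts with no file to click through to rather than as an upload error.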