
Enabling code scanning for a repository

You can enable code scanning for your project's repository.

People with write permissions to a repository can enable code scanning for the repository.


Note: Code scanning is currently in beta and subject to change. To request access to the beta, join the waitlist.

Options for enabling code scanning

You decide how you generate code scanning alerts, and which tools you use, at a repository level. GitHub provides fully integrated support for CodeQL analysis, and also supports analysis using third-party tools. For more information, see "About CodeQL."

Type of analysis / Options for generating alerts
  CodeQL: Using GitHub Actions (see "Enabling code scanning using actions") or using the CodeQL runner in a third-party continuous integration (CI) system (see "Running code scanning in your CI system").
  Third-party: Using GitHub Actions (see "Enabling code scanning using actions") or generated externally and uploaded to GitHub (see "Uploading a SARIF file to GitHub").

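The third-party row above covers a tool that produces SARIF output which is then uploaded to GitHub. The workflow below is an added example, not a file from this page or from GitHub's starter workflows; the "Run analyzer" step is a hypothetical placeholder for whatever third-party scanner you use, and the path results.sarif is assumed. The upload step uses the github/codeql-action/upload-sarif action, which exists and takes a sarif_file input.

```yaml
# Added example (not the page's own workflow): upload SARIF from a third-party
# analyzer so its findings appear as code scanning alerts.
name: "Third-party analysis"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to write results into code scanning

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Hypothetical placeholder: replace with your analyzer's real invocation.
      # It must write a SARIF 2.1.0 file; results.sarif is an assumed path.
      - name: Run analyzer
        run: ./run-my-analyzer --output results.sarif

      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```

The security-events: write permission is what lets the upload step create alerts; without it the upload is rejected, which is the first thing to check when third-party results never appear on the Security tab.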
Enabling code scanning using actions

Using actions to run code scanning will use minutes. For more information, see "About billing for GitHub Actions."

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Security.
  3. To the right of "Code scanning", click Set up code scanning.
  4. Under "Get started with code scanning", click Set up this workflow on the CodeQL Analysis workflow or on a third-party workflow.
  5. Optionally, to customize how code scanning scans your code, edit the workflow. For more information, see "Configuring code scanning."
  6. Use the Start commit drop-down, and type a commit message.
  7. Choose whether you'd like to commit directly to the default branch, or create a new branch and start a pull request.
  8. Click Commit new file or Propose new file.

After you commit the workflow file or create a pull request, code scanning will analyze your code according to the frequency you specified in your workflow file. If you created a pull request, code scanning will only analyze the code on the pull request's topic branch until you merge the pull request into the default branch of the repository.
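The steps above end with a workflow file committed to the repository, and the "frequency" in the last paragraph is set by that file's on: triggers. The workflow below is an added example of what such a file looks like, not the starter workflow GitHub offers in step 4; it assumes a repository whose code is JavaScript (the languages value) and a default branch named main, and it pins the action versions actions/checkout@v3 and github/codeql-action@v2, which exist at the time of writing.

```yaml
# Added example (not the page's own starter workflow): a minimal CodeQL
# analysis workflow. Assumes a JavaScript code base and a `main` default branch.
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    # Weekly run on the default branch, so new queries surface alerts even
    # when nobody has pushed. This is the "frequency" the text refers to.
    - cron: '0 6 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed to upload results to code scanning

    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript' ]   # assumption: add more languages as needed

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Creates the CodeQL database for the selected language(s).
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}

      # Attempts to build compiled languages automatically; harmless for JS.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      # Runs the queries and uploads the SARIF results to code scanning.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

With the pull_request trigger present, a pull request opened from a topic branch is analyzed on that branch only, matching the behaviour described above; the push and schedule triggers are what keep the default branch's alerts current once the file is merged.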

Next steps

After you enable code scanning, you can monitor analysis, view results, and further customize how you scan your code.
