Hallo, Entdecker! An dieser Seite wird aktiv gearbeitet, oder sie wird noch übersetzt. Die neuesten und genauesten Informationen findest Du in unserer englischsprachigen Dokumentation.
Deutsch
No results found.

Nach Produkt erkunden

Enterprise administrators
  • Get started
  • Account and profile
  • Authentication
  • Repositories
  • GitHub
  • Enterprise administrators
  • Billing and payments
  • Organizations
  • Code security
  • GitHub Issues
  • GitHub Actions
  • GitHub Codespaces
  • GitHub Packages
  • Search on GitHub
  • Developers
  • REST API
  • GraphQL API
  • GitHub CLI
  • GitHub Discussions
  • GitHub Sponsors
  • Building communities
  • GitHub Pages
  • Education
  • GitHub Desktop
  • Atom
  • Electron
  • CodeQL
  • npm
    • Deutsch
  • English
  • 简体中文 (Simplified Chinese)
  • 日本語 (Japanese)
  • Español (Spanish)
  • Português do Brasil (Portuguese)

    • Diese Version von GitHub Enterprise wurde eingestellt am 2021-09-23. Es wird keine Patch-Freigabe vorgenommen, auch nicht für kritische Sicherheitsprobleme. Für eine bessere Leistung, verbesserte Sicherheit und neue Features nimm ein Upgrade auf die neueste Version von GitHub Enterprise vor. Wende Dich an den GitHub Enterprise-Support, um Hilfe beim Upgrade zu erhalten.

    Artikelversion

    Inhalt dieses Artikels

    Configuring code scanning for your appliance

    You can enable, configure and disable code scanning for your GitHub Enterprise Server instance. Code scanning allows users to scan code for vulnerabilities and errors.

    Code scanning is available if you have a license for GitHub Advanced Security.

    Note: Code scanning is in beta in GitHub Enterprise Server 2.22. For the generally available release of code scanning, upgrade to the latest release of GitHub Enterprise Server.

    Informationen zu code scanning

    With code scanning, developers can quickly and automatically analyze the code in a GitHub repository to find security vulnerabilities and coding errors.

    You can configure code scanning to run CodeQL analysis and third-party analysis. Code scanning also supports running analysis natively using GitHub Actions or externally using existing CI/CD infrastructure. The table below summarizes all the options available to users when you configure your GitHub Enterprise Server instance to allow code scanning using actions.

    Type of analysis Options for generating alerts
    | CodeQL | Using GitHub Actions (see "[Setting up code scanning using actions](/github/finding-security-vulnerabilities-and-errors-in-your-code/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-actions)") or using the CodeQL runner in a third-party continuous integration (CI) system (see "[Running CodeQL code scanning in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)"). | Third‑party | Using GitHub Actions (see "[Setting up code scanning using actions](/github/finding-security-vulnerabilities-and-errors-in-your-code/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-actions)") or generated externally and uploaded to GitHub Enterprise Server (see "[Uploading a SARIF file to GitHub](/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github)").|

    Prerequisites for code scanning

    Running code scanning using GitHub Actions

    Setting up a self-hosted runner

    GitHub Enterprise Server can run code scanning using a GitHub Actions workflow. First, you need to provision one or more self-hosted GitHub Actions runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "About self-hosted runners" and "Adding self-hosted runners."

    You must ensure that Git is in the PATH variable on any self-hosted runners you use to run CodeQL actions.

    Provisioning the actions for code scanning

    To run code scanning on GitHub Enterprise Server with GitHub Actions, the appropriate actions must be available locally. You can make the actions available in three ways.

    • Recommended: You can use GitHub Connect to automatically download actions from GitHub.com. The machine that hosts your instance must be able to access GitHub.com. This approach ensures that you get the latest software automatically. For more information, see "Configuring GitHub Connect to sync GitHub Actions."
    • If you want to use the CodeQL analysis workflow, you can sync the repository from GitHub.com to GitHub Enterprise Server, by using the CodeQL Action sync tool available at https://github.com/github/codeql-action-sync-tool. You can use this tool regardless of whether your GitHub Enterprise Server instance or your GitHub Actions runners have access to the internet, as long as you can access both your GitHub Enterprise Server instance and GitHub.com simultaneously on your computer.
    • You can create a local copy of an action's repository on your server, by cloning the GitHub.com repository that contains the action. For example, if you want to use the actions for CodeQL code scanning, you can create a repository in your instance called github/codeql-action, then clone the repository from GitHub.com, and then push that repository to your instance's github/codeql-action repository. You will also need to download any of the releases from the repository on GitHub.com and upload them to your instance's github/codeql-action repository as releases.

    Configuring GitHub Connect to sync GitHub Actions

    1. If you want to download action workflows on demand from GitHub.com, you need to enable GitHub Connect. For more information, see "Enabling GitHub Connect."
    2. You'll also need to enable GitHub Actions for your GitHub Enterprise Server instance. For more information, see "Getting started with GitHub Actions for GitHub Enterprise Server."
    3. The next step is to configure access to actions on GitHub.com using GitHub Connect. For more information, see "Enabling automatic access to GitHub.com actions using GitHub Connect."
    4. Add a self-hosted runner to your repository, organization, or enterprise account. Weitere Informationen findest Du unter "selbst-gehostete Runner hinzufügen."

    Running code scanning using the CodeQL runner

    If you don't want to use GitHub Actions, you can run code scanning using the CodeQL runner.

    The CodeQL runner is a command-line tool that you can add to your third-party CI/CD system. The tool runs CodeQL analysis on a checkout of a GitHub repository. For more information, see "Running code scanning in your CI system."