CodeQL code scanning at Microsoft
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
Adversarial Robustness Toolbox (ART) CodeQL code scanning
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
Security advisory for Rails
Security advisory published by Rails for CVE-2020-15169.
Configure security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Enable and disable updates
You can configure your repository so that Dependabot automatically updates the packages you use.
- Automatically scanning your code for vulnerabilities and errors • 10 articles
- Integrating with code scanning • 3 articles
- Using CodeQL code scanning with your existing CI system • 6 articles
- About coordinated disclosure of security vulnerabilities
- About GitHub Security Advisories
- Permission levels for security advisories
- Creating a security advisory
- Adding a collaborator to a security advisory
- Removing a collaborator from a security advisory
- Collaborating in a temporary private fork to resolve a security vulnerability
- Publishing a security advisory
- Editing a security advisory
- Withdrawing a security advisory
- Understanding your software supply chain • 3 articles
- Keeping your dependencies updated automatically • 10 articles
- Managing vulnerabilities in your project's dependencies • 9 articles