Securing your repository→
You can use a number of GitHub features to help keep your repository secure.
Securing your organization→
You can use a number of GitHub features to help keep your organization secure.
Setting up code scanning for a repository→
You can set up code scanning by adding a workflow to your repository.
CodeQL code scanning at Microsoft
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
Adversarial Robustness Toolbox (ART) CodeQL code scanning
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
Exploring the dependencies of a repository
You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.
Configuring notifications for vulnerable dependencies
Optimize how you receive notifications about Dependabot alerts.
- Automatically scanning your code for vulnerabilities and errors • 10 articles
- Integrating with code scanning • 3 articles
- Using CodeQL code scanning with your existing CI system • 7 articles