
Configuring code scanning for your appliance

You can enable, configure and disable code scanning for your GitHub Enterprise Server instance. Code scanning allows users to scan code for vulnerabilities and errors.

Code scanning is available if you have an Advanced Security license.


Note: Code scanning is currently in beta and subject to change. If your organization has an Advanced Security license, you can join the beta program.

About code scanning

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub Enterprise Server.

The table below summarizes the available types of analysis for code scanning, and provides links on enabling the feature for individual repositories.

Type of analysis | Options for generating alerts
CodeQL           | Using GitHub Actions (see "Enabling code scanning using actions") or using the CodeQL runner in a third-party continuous integration (CI) system (see "Running code scanning in your CI system").
Third-party      | Using GitHub Actions (see "Enabling code scanning using actions") or generated externally and uploaded to GitHub Enterprise Server (see "Uploading a SARIF file to GitHub").

For the users of your GitHub Enterprise Server instance to be able to enable and use code scanning in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.

How do I know if code scanning is enabled for my appliance

  1. In the upper-right corner of any page, click the rocket icon to access the site admin settings.
  2. In the left sidebar, click Management Console.
  3. Check if there is an Advanced Security entry in the left sidebar.

If you can't see Advanced Security in the sidebar, it means that your license doesn't include support for Advanced Security features, including code scanning. The Advanced Security license gives you and your users access to features that help you make your repositories and code more secure.

Enabling code scanning

Warning: Changing this setting will cause GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime.

  1. In the upper-right corner of any page, click the rocket icon to access the site admin settings.
  2. In the left sidebar, click Management Console.
  3. In the left sidebar, click Advanced Security.
  4. Under "Advanced Security," select the Code scanning checkbox.
  5. Under the left sidebar, click Save settings.
  6. Wait for the configuration run to complete.

Running code scanning using GitHub Actions

Setting up a self-hosted runner

If you are enrolled in the GitHub Actions beta, then GitHub Enterprise Server can run code scanning using a GitHub Actions workflow. First, you need to provision one or more self-hosted GitHub Actions runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "About self-hosted runners" and "Adding self-hosted runners."

Provisioning the action

To run code scanning on GitHub Enterprise Server with GitHub Actions, the appropriate action must be available locally. You can make the action available in three ways.

  • Recommended: You can use GitHub Connect to automatically download actions from GitHub.com. The machine that hosts your instance must be able to access GitHub.com. This approach ensures that you get the latest software automatically. For more information, see "Configuring GitHub Connect to sync GitHub Actions."
  • If you want to use the CodeQL Analysis workflow, you can sync the repository from GitHub.com to GitHub Enterprise Server by using the CodeQL Action sync tool available at https://github.com/github/codeql-action-sync-tool. You can use this tool regardless of whether your GitHub Enterprise Server instance or your GitHub Actions runners have access to the internet, as long as you can access both your GitHub Enterprise Server instance and GitHub.com simultaneously on your computer.
  • You can create a local copy of the action's repository on your server by cloning the GitHub.com repository with the action. For example, if you want to use the CodeQL action, you can create a repository in your instance called github/codeql-action, then clone the repository from GitHub.com, and then push that repository to your instance's github/codeql-action repository. You will also need to download any of the releases from the repository on GitHub.com and upload them to your instance's github/codeql-action repository as releases.

Configuring GitHub Connect to sync GitHub Actions

  1. If you want to download action workflows on demand from GitHub.com, you need to enable GitHub Connect. For more information, see "Enabling GitHub Connect."
  2. You'll also need to enable GitHub Actions for your GitHub Enterprise Server instance. For more information, see "Enabling GitHub Actions and configuring storage."
  3. The next step is to configure access to actions on GitHub.com using GitHub Connect. For more information, see "Enabling automatic access to GitHub.com actions using GitHub Connect."
  4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "Adding self-hosted runners."

After you configure a self-hosted runner, users can enable code scanning for individual repositories on your GitHub Enterprise Server instance. The default code scanning workflow uses the on.push event to trigger a code scan every time someone pushes to any branch that contains the workflow file.
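The following workflow file shows what a repository on the instance would commit to use the setup described above; it is an added example, not the page's own file nor the default workflow GitHub generates. It assumes the actions/checkout and github/codeql-action repositories are available on the instance (via GitHub Connect, the sync tool, or a manual clone), that the runner was registered with the default self-hosted label, and that the repository contains JavaScript and Python code.

```yaml
# .github/workflows/codeql-analysis.yml (example file name)
name: "CodeQL"

# Matches the trigger the page describes: every push to a branch
# that contains this workflow file starts a scan.
on: [push]

jobs:
  analyze:
    name: Analyze
    # Assumption: the runner registered on the instance carries the default
    # "self-hosted" label; substitute the custom label you assigned, if any.
    runs-on: self-hosted

    strategy:
      fail-fast: false
      matrix:
        # Assumption: languages present in the repository being scanned.
        language: ['javascript', 'python']

    steps:
      # Assumption: actions/checkout has been made available on the instance
      # the same way as the CodeQL action.
      - name: Checkout repository
        uses: actions/checkout@v2

      # Resolves to the github/codeql-action repository on this instance.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}

      # Compiled languages (for example C/C++, C#, Java) need an explicit build
      # step here, between init and analyze; interpreted languages do not.

      # Uploads results to the repository's code scanning alerts.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```

If the instance cannot reach GitHub.com, the `uses:` references above only resolve once the named repositories exist locally, so a missing github/codeql-action repository shows up as a workflow failure at the init step.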

Running code scanning using the CodeQL runner

If your organization isn't taking part in the beta for GitHub Actions, or if you don't want to use GitHub Actions, you can run code scanning using the CodeQL runner.

The CodeQL runner is a command-line tool that you can add to your third-party CI/CD system. The tool runs CodeQL analysis on a checkout of a GitHub repository. For more information, see "Running code scanning in your CI system."

Disabling code scanning

Warning: Changing this setting will cause GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime.

  1. In the upper-right corner of any page, click the rocket icon to access the site admin settings.
  2. In the left sidebar, click Management Console.
  3. In the left sidebar, click Advanced Security.
  4. Under "Advanced Security," unselect the Code scanning checkbox.
  5. Under the left sidebar, click Save settings.
  6. Wait for the configuration run to complete.
