
Enabling code scanning for a repository

You can enable code scanning for your project's repository.

People with write permissions to a repository can enable code scanning for the repository.

Code scanning is available in public repositories, and in public and private repositories owned by organizations with a license for Advanced Security. For more information, see "GitHub's products."



Note: Code scanning is currently in beta and subject to change. To request access to the beta, join the waitlist.

Options for enabling code scanning

You decide how you generate code scanning alerts, and which tools you use, at a repository level. GitHub provides fully integrated support for CodeQL analysis, and also supports analysis using third-party tools. For more information, see "About CodeQL."

Type of analysis: CodeQL
  Options for generating alerts: Using GitHub Actions (see "Enabling code scanning using actions") or using the CodeQL runner in a third-party continuous integration (CI) system (see "Running code scanning in your CI system").

Type of analysis: Third-party
  Options for generating alerts: Using GitHub Actions (see "Enabling code scanning using actions") or generated externally and uploaded to GitHub (see "Uploading a SARIF file to GitHub").

Enabling code scanning using actions

Using actions to run code scanning will use minutes. For more information, see "About billing for GitHub Actions."

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Security.
    Security tab
  3. To the right of "Code scanning", click Set up code scanning.
    "Set up code scanning" button to the right of "Code scanning" in the Security Overview
  4. Under "Get started with code scanning", click Set up this workflow on the CodeQL Analysis workflow or on a third-party workflow.
    "Set up this workflow" button under "Get started with code scanning" heading
  5. Optionally, to customize how code scanning scans your code, edit the workflow. For more information, see "Configuring code scanning."
  6. Use the Start commit drop-down, and type a commit message.
    Start commit
  7. Choose whether you'd like to commit directly to the default branch, or create a new branch and start a pull request.
    Choose where to commit
  8. Click Commit new file or Propose new file.

After you commit the workflow file or create a pull request, code scanning will analyze your code according to the frequency you specified in your workflow file. If you created a pull request, code scanning will only analyze the code on the pull request's topic branch until you merge the pull request into the default branch of the repository.
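As an added illustration of the workflow file the steps above commit (example configuration, not the workflow text from this page or GitHub's own template), here is a CodeQL analysis workflow saved as .github/workflows/codeql-analysis.yml. The branch name, the languages in the matrix, the action versions and the cron schedule are assumptions to adjust for your repository; the "on:" block is where the scan frequency referred to above is set.

```yaml
# Added example (not from the GitHub docs page): a CodeQL analysis workflow.
# Branch name, languages, action versions and schedule are assumptions.
name: "CodeQL"

on:
  push:
    branches: [ main ]          # analyze every push to the default branch
  pull_request:
    branches: [ main ]          # analyze pull request topic branches targeting main
  schedule:
    - cron: '30 4 * * 1'        # weekly scan (Mondays 04:30 UTC) picks up newly added queries

permissions:
  contents: read                # least privilege: the job only needs to read the source
  security-events: write        # required to upload results to code scanning alerts

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false          # keep scanning other languages if one fails
      matrix:
        language: [ 'javascript', 'python' ]   # assumed languages present in this repository

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
          # queries: security-extended      # uncomment to run the broader security query suite

      - name: Autobuild
        uses: github/codeql-action/autobuild@v1   # builds compiled languages; harmless for interpreted ones

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1     # runs the queries and uploads the SARIF results
```

Removing the schedule trigger means alerts are only refreshed when code is pushed, so a repository with little activity can silently miss results from newly published queries.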

Next steps

After you enable code scanning, you can monitor analysis, view results, and further customize how you scan your code.
