Analisar automaticamente seu código com relação a vulnerabilidades e erros

Você pode encontrar vulnerabilidades e erros no código do seu projeto no GitHub, além de exibir, fazer a triagem, entender e resolver os alertas relacionados do code scanning.

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. Para obter mais informações, confira "Sobre o GitHub Advanced Security".

Sobre a varredura de código
Você pode usar code scanning para encontrar vulnerabilidades e erros de segurança no código do seu projeto no GitHub.
About code scanning alerts
Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
Triaging code scanning alerts in pull requests
When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.
Setting up code scanning for a repository
You can set up code scanning by adding a workflow to your repository.
Managing code scanning alerts for your repository
From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.
Tracking code scanning alerts in issues using task lists
You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.
Configuring code scanning
You can configure how GitHub scans the code in your project for vulnerabilities and errors.
About code scanning with CodeQL
You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.
Recursos de hardware recomendados para executar o CodeQL
Especificações recomendadas (RAM, núcleos de CPU e disco) para executar análises de CodeQL em máquinas auto-hospedadas, com base no tamanho de sua base de código.
Configuração do fluxo de trabalho do CodeQL para linguagens compiladas
Você pode configurar como o GitHub usa o CodeQL analysis workflow para varrer o código escrito em linguagens compiladas para obter vulnerabilidades e erros.
Troubleshooting the CodeQL workflow
If you're having problems with code scanning, you can troubleshoot by using these tips for resolving issues.
Running CodeQL code scanning in a container
You can run code scanning in a container by ensuring that all processes run in the same container.
Visualizar os registros de varredura de código
Você pode visualizar a saída gerada durante a análise code scanning em GitHub.com.