Analisar automaticamente seu código com relação a vulnerabilidades e erros

Você pode usar code scanning para encontrar vulnerabilidades e erros de segurança no código do seu projeto no GitHub.

Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.

When code scanning identifies a problem in a pull request, you can review the highlighted code and resolve the alert.

You can set up code scanning by adding a workflow to your repository.

From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code.

You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.

You can configure how GitHub scans the code in your project for vulnerabilities and errors.

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.

Especificações recomendadas (RAM, núcleos de CPU e disco) para executar análises de CodeQL em máquinas auto-hospedadas, com base no tamanho de sua base de código.

Você pode configurar como o GitHub usa o CodeQL analysis workflow para examinar o código escrito nas linguagens compiladas quanto a vulnerabilidades e erros.

If you're having problems with code scanning, you can troubleshoot by using these tips for resolving issues.

Você pode executar code scanning em um contêiner garantindo que todos os processos sejam executados no mesmo container.

You can view the output generated during code scanning analysis in your enterprise.