Совет
This article is part of a series on adopting GitHub Advanced Security at scale. For the previous article in this series, see Phase 4: Create internal documentation.
Enabling code scanning
After piloting code scanning and creating internal documentation for best practices, you can enable code scanning across your company. You can configure code scanning default setup for all repositories in an organization from security overview. For more information, see Configuring default setup for code scanning at scale.
Для некоторых языков или систем сборки может потребоваться настроить расширенную настройку для code scanning для получения полного охвата базы кода. Однако для расширенной настройки требуется значительно больше усилий по настройке, настройке и обслуживанию, поэтому рекомендуется сначала включить настройку по умолчанию.
Building subject matter expertise
To successfully manage and use code scanning across your company, you should build internal subject matter expertise. For default setup for code scanning, one of the most important areas for subject matter experts (SMEs) to understand is interpreting and fixing code scanning alerts. For more information about code scanning alerts, see:
- О предупреждениях о сканировании кода
- Оценка оповещений сканирования кода для репозитория
- Разрешение оповещений сканирования кода
You'll also need SMEs if you need to use advanced setup for code scanning. These SMEs will need knowledge of code scanning alerts, as well as topics like GitHub Actions and customizing code scanning workflows for particular frameworks. For custom configurations of advanced setup, consider running meetings on complicated topics to scale the knowledge of several SMEs at once.
Совет
For the next article in this series, see Phase 6: Rollout and scale secret scanning.