Skip to main content
Мы публикуем частые обновления нашей документации, и перевод этой страницы может все еще выполняться. Актуальные сведения см. в документации на английском языке.
All products
Безопасность кода

Поддержка этой версии GitHub Enterprise была прекращена 2023-03-15. Исправления выпускаться не будут даже при критических проблемах безопасности. Для повышения производительности, укрепления безопасности и новых функций установите последнюю версию GitHub Enterprise. Чтобы получить справку по обновлению, обратитесь в службу поддержки GitHub Enterprise.

Сведения о проверке кода

В этой статье

Вы можете использовать code scanning, чтобы найти уязвимости системы безопасности и ошибки в коде проекта в GitHub.

Code scanning доступен для принадлежащих организации репозиториев в GitHub Enterprise Server. Для этой функции требуется лицензия на GitHub Advanced Security. Дополнительные сведения см. в разделе Сведения о GitHub Advanced Security.

Note: Your site administrator must enable code scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring code scanning for your appliance."

About code scanning

Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub Enterprise Server.

You can use code scanning to find, triage, and prioritize fixes for existing problems in your code. Code scanning also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push.

If code scanning finds a potential vulnerability or error in your code, GitHub displays an alert in the repository. After you fix the code that triggered the alert, GitHub closes the alert. For more information, see "Managing code scanning alerts for your repository."

To monitor results from code scanning across your repositories or your organization, you can use webhooks and the code scanning API. For information about the webhooks for code scanning, see "Webhook events and payloads." For information about API endpoints, see "Code Scanning."

To get started with code scanning, see "Configuring code scanning for a repository."

About tools for code scanning

You can configure code scanning to use the CodeQL product maintained by GitHub or a third-party code scanning tool.

About CodeQL analysis

CodeQL is the code analysis engine developed by GitHub to automate security checks. You can analyze your code using CodeQL and display the results as code scanning alerts. For more information about CodeQL, see "About code scanning with CodeQL."

About third-party code scanning tools

Code scanning is interoperable with third-party code scanning tools that output Static Analysis Results Interchange Format (SARIF) data. SARIF is an open standard. For more information, see "SARIF support for code scanning."

You can run third-party analysis tools within GitHub Enterprise Server using actions or within an external CI system. For more information, see "Configuring code scanning for a repository" or "Uploading a SARIF file to GitHub."