
This version of GitHub Enterprise Server will be discontinued on 2024-06-29. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with upgrading, contact GitHub Enterprise Support.

Editing your configuration of default setup

You can edit your existing configuration of default setup for code scanning to better meet your code security needs.

Who can use this feature?

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About editing your configuration of default setup

After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit the query suite run during analysis. For more information on the available query suites, see "CodeQL query suites."

If you need to change any other aspects of your code scanning configuration, consider configuring advanced setup. For more information, see "Configuring advanced setup for code scanning."

Changing the selected query suite for your configuration of default setup

  1. On your GitHub Enterprise Server instance, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. In the "CodeQL analysis" row of the "Code scanning" section, select the dropdown menu, then click View CodeQL configuration.

  5. In the "Query suites" row of the "CodeQL default configuration" window, select the QUERY SUITE dropdown menu, then click the new query suite you want your code scanning configuration to run.

  6. To update your configuration of default setup, click Enable CodeQL.

Defining the alert severities that cause a check failure for a pull request

When you enable code scanning on pull requests, the check fails only if one or more alerts with severity error, or with security severity critical or high, are detected. The check succeeds if only alerts with lower severities or security severities are detected. For important codebases, you may want the code scanning check to fail if any alert is detected, so that each alert must be fixed or dismissed before the code change is merged. For more information about severity levels, see "About alert severity and security severity levels."

  1. On your GitHub Enterprise Server instance, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code scanning", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure.
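The following script is an added example, not GitHub's own code, that reproduces the check-failure rule described above on a SARIF results file so you can predict the verdict before pushing a change of threshold. It assumes the semantics stated in the text (an alert fails the check if its alert severity is at or above the chosen problem threshold, or its security severity is at or above the chosen security threshold; the page's default is error / high) and GitHub's documented security-severity score bands (critical 9.0 and above, high 7.0 to 8.9, medium 4.0 to 6.9, low below 4.0). The rule IDs, property names `problem.severity` and `security-severity` as they appear in CodeQL SARIF output, and the findings in `SAMPLE_SARIF` are constructed sample data.

```python
"""Added example (not GitHub's code): evaluate a SARIF file against the
code scanning pull request check-failure thresholds.

Assumptions: an alert fails the check when its alert severity is at or above
the problem threshold OR its security severity is at or above the security
threshold (page default: error / high). Security-severity bands follow
GitHub's documented score ranges. Sample data below is constructed.
"""
import json
import sys

# Ordered from least to most severe; thresholds are compared by position.
PROBLEM_SEVERITIES = ("note", "warning", "error")
SECURITY_SEVERITIES = ("low", "medium", "high", "critical")

# CodeQL query metadata uses "recommendation"; GitHub displays it as "note".
PROBLEM_ALIASES = {"recommendation": "note", "none": "note"}


def security_band(score: float) -> str:
    """Map a security-severity score (0.0-10.0) to GitHub's severity band."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def rule_properties(sarif: dict) -> dict:
    """Index rule ID -> properties from every run's tool.driver.rules list."""
    index = {}
    for run in sarif.get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            index[rule["id"]] = rule.get("properties", {})
    return index


def alert_severities(sarif: dict):
    """Yield (rule_id, problem_severity, security_band) for each result.

    security_band is None when the rule carries no security-severity score.
    """
    rules = rule_properties(sarif)
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule_id = result.get("ruleId")
            props = rules.get(rule_id, {})
            # Prefer the rule's problem.severity; fall back to the result level.
            problem = props.get("problem.severity", result.get("level", "warning"))
            problem = PROBLEM_ALIASES.get(problem, problem)
            score = props.get("security-severity")
            band = security_band(float(score)) if score is not None else None
            yield rule_id, problem, band


def at_or_above(level: str, threshold: str, scale: tuple) -> bool:
    """True when `level` is at least as severe as `threshold` on `scale`."""
    return scale.index(level) >= scale.index(threshold)


def failing_alerts(sarif: dict, min_problem="error", min_security="high") -> list:
    """Return rule IDs of alerts that would fail the check at these thresholds."""
    failing = []
    for rule_id, problem, band in alert_severities(sarif):
        by_problem = at_or_above(problem, min_problem, PROBLEM_SEVERITIES)
        by_security = band is not None and at_or_above(band, min_security, SECURITY_SEVERITIES)
        if by_problem or by_security:
            failing.append(rule_id)
    return failing


def check_passes(sarif: dict, min_problem="error", min_security="high") -> bool:
    """Verdict the pull request check would give under the chosen thresholds."""
    return not failing_alerts(sarif, min_problem, min_security)


# Constructed sample SARIF (not real scan output) covering each severity path.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "example/sql-injection",
             "properties": {"problem.severity": "error", "security-severity": "8.8"}},
            {"id": "example/weak-hash",
             "properties": {"problem.severity": "warning", "security-severity": "5.9"}},
            {"id": "example/unused-variable",
             "properties": {"problem.severity": "warning"}},
            {"id": "example/todo-comment",
             "properties": {"problem.severity": "recommendation"}},
        ]}},
        "results": [
            {"ruleId": "example/sql-injection", "level": "error"},
            {"ruleId": "example/weak-hash", "level": "warning"},
            {"ruleId": "example/unused-variable", "level": "warning"},
            {"ruleId": "example/todo-comment", "level": "note"},
        ],
    }],
}


if __name__ == "__main__":
    # Usage: python check_failure.py [results.sarif] [min_problem] [min_security]
    sarif = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    min_problem = sys.argv[2] if len(sys.argv) > 2 else "error"
    min_security = sys.argv[3] if len(sys.argv) > 3 else "high"
    failing = failing_alerts(sarif, min_problem, min_security)
    print("check", "PASS" if not failing else "FAIL", failing)
```

With the page's default thresholds only the SQL injection finding fails the check; lowering the thresholds to warning / medium also pulls in the weak-hash and unused-variable alerts, and note / low fails on every alert, which is the "any alert blocks the merge" posture the text recommends for important codebases. Note that raising the security threshold alone (for example to critical) does not let an alert whose alert severity is error through, because the two thresholds are combined with OR.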