Configure code scanning on GitHub

Intermediate
DevOps Engineer
Administrator
Developer
Student
GitHub

This module introduces you to code scanning and its features. You will learn how to implement code scanning using CodeQL, third-party tools, and GitHub Actions.

Learning objectives

After completing this module, you'll be able to:

  • Describe code scanning.
  • List the steps for enabling code scanning in a repository.
  • List the steps for enabling code scanning with third-party analysis.
  • Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party continuous integration (CI) tool.
  • Explain how to configure code scanning on a repository using triggering events.
  • Contrast the frequency of code scanning workflows (scheduled vs triggered by events).

Prerequisites

  • A GitHub enterprise account with a GitHub Advanced Security license
  • Familiarity with managing GitHub administrative settings
  • Basic knowledge of GitHub Actions