Automatically scanning your code for vulnerabilities and errors

You can find vulnerabilities and errors in your project's code on GitHub, as well as view, triage, understand, and resolve the related 代码扫描 alerts.

代码扫描适用于所有公共仓库以及启用了 GitHub Advanced Security 的组织拥有的私有仓库。更多信息请参阅“关于 GitHub Advanced Security”。

关于代码扫描

您可以使用代码扫描在 GitHub 上查找项目中的安全漏洞和代码错误。

鉴定拉取请求中的代码扫描警报

当代码扫描在拉取请求中发现问题时，您可以审查高亮的代码并解决警报。

Setting up code scanning for a repository

You can set up 代码扫描 by adding a workflow to your repository.

Managing code scanning alerts for your repository

From the security view, you can view, fix, dismiss, or delete alerts for potential vulnerabilities or errors in your project's code.

Tracking code scanning alerts in issues using task lists

You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.

Configuring code scanning

You can configure how GitHub scans the code in your project for vulnerabilities and errors.

About code scanning with CodeQL

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as 代码扫描 alerts in GitHub.

Recommended hardware resources for running CodeQL

Recommended specifications (RAM, CPU cores, and disk) for running CodeQL analysis on self-hosted machines, based on the size of your codebase.

Configuring the CodeQL workflow for compiled languages

You can configure how GitHub uses the CodeQL 分析工作流程 to scan code written in compiled languages for vulnerabilities and errors.

Troubleshooting the CodeQL workflow

If you're having problems with 代码扫描, you can troubleshoot by using these tips for resolving issues.

在容器中运行 CodeQL 代码扫描

通过确保所有进程都在同一容器中运行，您可以在容器中运行代码扫描。

Viewing code scanning logs

You can view the output generated during 代码扫描 analysis in GitHub.com.

帮助我们创建出色的文档！

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗？提交拉取请求。

做出贡献

或者，了解如何参与。

还需要帮助？

询问 GitHub 社区

联系支持