Note: Your site administrator must enable code scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring code scanning for your appliance."
About alerts from code scanning
You can set up code scanning to check the code in a repository using the default CodeQL analysis, a third-party analysis, or multiple types of analysis. When the analysis is complete, the resulting alerts are displayed side by side in the Security view of the repository. Results from third-party tools or custom queries may not include all of the properties you see in alerts detected by GitHub's default CodeQL analysis. For more information, see "Setting up code scanning for a repository."
By default, code scanning analyzes your code periodically on the default branch and during pull requests. For more information about managing alerts in pull requests, see "Triaging code scanning alerts in pull requests."
About alert details
Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the alert severity and the nature of the problem. The alert also tells you when the issue was first introduced. For alerts identified by CodeQL analysis, you also see information on how to fix the problem.
If you set up code scanning using CodeQL, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
When code scanning reports data-flow alerts, GitHub shows you how the data moves through the code. Code scanning can be used to identify areas of code that leak sensitive information, and that could be an entry point for attacks by malicious users.
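To make the two paragraphs above concrete, here is a deliberately small taint tracker written for this page; it is an added illustration, not CodeQL's implementation or any GitHub code. It walks a Python function statement by statement, marks a variable as tainted when it is assigned from an untrusted source, propagates the taint through assignments, and reports the full source-to-sink path when a tainted variable reaches a dangerous call. That path is the "how data moves through the code" view a data-flow alert shows. The source and sink lists (`input`, `os.system`, `subprocess.call`) and both sample programs are constructed assumptions chosen for the demonstration.

```python
import ast

# Constructed assumptions: builtin input() is an untrusted source; these
# calls are sinks that execute their argument as a shell command.
SOURCES = {"input"}
SINKS = {"os.system", "subprocess.call"}

# Constructed sample: untrusted input flows, via string concatenation, into os.system.
VULNERABLE = '''
import os
def run():
    user = input("host? ")
    cmd = "ping " + user
    os.system(cmd)
'''

# Constructed sample: the same input is passed as a discrete argv element instead,
# so no path reaches one of the listed sinks.
SAFE = '''
import subprocess
def run():
    user = input("host? ")
    subprocess.run(["ping", "-c", "1", user])
'''


def qualified_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualified_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def calls_in(node, names):
    """Yield every Call below `node` whose callee's qualified name is in `names`."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call) and qualified_name(sub.func) in names:
            yield sub


def names_in(node):
    """Set of variable names referenced anywhere below `node`."""
    return {sub.id for sub in ast.walk(node) if isinstance(sub, ast.Name)}


def find_flows(src):
    """Return a list of flows; each flow is a list of (lineno, source_text) steps
    from the statement that introduced untrusted data to the sink call."""
    tree = ast.parse(src)
    lines = src.splitlines()
    flows = []
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = {}  # variable name -> path of steps that made it tainted
        for stmt in func.body:
            text = lines[stmt.lineno - 1].strip()
            # 1. Does any sink in this statement consume a tainted variable?
            for call in calls_in(stmt, SINKS):
                used = set().union(*[names_in(a) for a in call.args]) & set(tainted)
                for var in sorted(used):
                    flows.append(tainted[var] + [(stmt.lineno, text)])
            # 2. Track taint through simple assignments.
            if isinstance(stmt, ast.Assign):
                targets = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if any(calls_in(stmt.value, SOURCES)):
                    path = [(stmt.lineno, text)]            # taint introduced here
                else:
                    used = names_in(stmt.value) & set(tainted)
                    if not used:                             # clean value overwrites taint
                        for t in targets:
                            tainted.pop(t, None)
                        continue
                    path = tainted[sorted(used)[0]] + [(stmt.lineno, text)]
                for t in targets:
                    tainted[t] = path
    return flows


if __name__ == "__main__":
    for flow in find_flows(VULNERABLE):
        print("data-flow path:")
        for lineno, text in flow:
            print(f"  line {lineno}: {text}")
    print("flows in SAFE sample:", find_flows(SAFE))
```

Run against the vulnerable sample, the tracker prints a three-step path (the `input()` assignment, the concatenation, the `os.system` call), which is exactly the kind of path an alert presents so a reviewer can decide where to cut it. Real analysers are inter-procedural, understand sanitizers, and model far more sources and sinks; this toy is intra-procedural only and treats any reassignment from clean data as removing taint.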
About severity levels
Alert severity levels may be Error, Warning, or Note.
If code scanning is enabled as a pull request check, the check will fail if it detects any results with a severity of Error.
About labels for alerts that are not found in application code
GitHub Enterprise Server assigns a category label to alerts that are not found in application code. The label relates to the location of the alert.
- Generated: Code generated by the build process
- Test: Test code
- Library: Library or third-party code
- Documentation: Documentation
Code scanning categorizes files by file path. You cannot manually categorize source files.
Here is an example from the code scanning alert list of an alert marked as occurring in library code.
On the alert page, you can see that the file path is marked as library code (Library label).