Git Advanced Security - Path Analysis?

[infosechris]

Select Topic Area

Question

Body

Does Git Advanced Security provide path anlysis for SAST scan? And what languages does it support?

[siennaphia]

Yes, GitHub Advanced Security does provide path analysis for SAST (Static Application Security Testing) scans. This feature is part of the code scanning tool built into GitHub Advanced Security. Once configured, it scans every code change in your repository for security vulnerabilities and flags them in the developer workflow github.blog.

Code scanning is powered by the CodeQL analysis engine, with queries written and open sourced by leading security researchers. CodeQL is a powerful tool that uses a semantic code analysis engine to track data across multiple languages and build a detailed database of what the code does, not just what it says. This enables it to identify potential security vulnerabilities in the code that other tools might miss.

As for the languages supported by GitHub Advanced Security's code scanning feature, the documentation and resources do not explicitly list the supported languages. However, CodeQL, the analysis engine powering code scanning, supports a wide range of programming languages including but not limited to Java, C++, C#, Python, Go, JavaScript, and TypeScript.

To perform a code scan, you can use the following command in a GitHub Actions workflow:

• name: Self sast-scan
  uses: AppThreat/[email protected]
  with:
  output: reports
  type: python,bash
• name: Upload scan reports
  uses: actions/[email protected]
  with:
  name: sast-scan-reports
  path: reports

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬