Git Advanced Security - Path Analysis? #61401
Replies: 2 comments
-
Yes, GitHub Advanced Security does provide path analysis for SAST (Static Application Security Testing) scans. This feature is part of the code scanning tool built into GitHub Advanced Security. Once configured, it scans every code change in your repository for security vulnerabilities and flags them in the developer workflow (github.blog).

Code scanning is powered by the CodeQL analysis engine, with queries written and open sourced by leading security researchers. CodeQL is a powerful tool that uses a semantic code analysis engine to track data across multiple languages and build a detailed database of what the code does, not just what it says. This enables it to identify potential security vulnerabilities in the code that other tools might miss.

As for the languages supported by GitHub Advanced Security's code scanning feature, the documentation and resources do not explicitly list the supported languages. However, CodeQL, the analysis engine powering code scanning, supports a wide range of programming languages including but not limited to Java, C++, C#, Python, Go, JavaScript, and TypeScript.

To perform a code scan, you can use the following command in a GitHub Actions workflow:
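CodeQL path queries record the data-flow path they found as `codeFlows` in the SARIF results that code scanning ingests. As an added example (not part of the reply above and not GitHub's own code), this Python script reads those source-to-sink paths from a constructed SARIF fragment; the rule ids, file names and messages are made up.

```python
import json

# Constructed SARIF 2.1.0 fragment (not real scan output). Rule ids, file
# names and messages are made up for illustration.
SAMPLE_SARIF = json.loads("""
{"version": "2.1.0", "runs": [{"results": [
  {"ruleId": "example/sql-injection",
   "message": {"text": "Query depends on a user-provided value."},
   "codeFlows": [{"threadFlows": [{"locations": [
     {"location": {"message": {"text": "request.args"}, "physicalLocation":
       {"artifactLocation": {"uri": "app/views.py"}, "region": {"startLine": 12}}}},
     {"location": {"message": {"text": "build_query(name)"}, "physicalLocation":
       {"artifactLocation": {"uri": "app/views.py"}, "region": {"startLine": 15}}}},
     {"location": {"message": {"text": "cursor.execute(query)"}, "physicalLocation":
       {"artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 40}}}}
   ]}]}]},
  {"ruleId": "example/unused-import", "message": {"text": "Import is not used."}}
]}]}
""")

def step(loc):
    """Return (uri, line, label) for one threadFlow location; fields may be absent."""
    inner = loc.get("location", {})
    phys = inner.get("physicalLocation", {})
    return (phys.get("artifactLocation", {}).get("uri", "?"),
            phys.get("region", {}).get("startLine", 0),
            inner.get("message", {}).get("text", ""))

def extract_paths(sarif):
    """Yield (ruleId, [steps]) per data-flow path; results without codeFlows yield nothing."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            for flow in result.get("codeFlows", []):
                for thread in flow.get("threadFlows", []):
                    yield (result.get("ruleId", "?"),
                           [step(l) for l in thread.get("locations", [])])

def alerts_without_path(sarif):
    """Rule ids of results that carry no codeFlows (alerts with no path to show)."""
    return [r.get("ruleId", "?") for run in sarif.get("runs", [])
            for r in run.get("results", []) if not r.get("codeFlows")]

if __name__ == "__main__":
    for rule, steps in extract_paths(SAMPLE_SARIF):
        print(rule)
        for i, (uri, line, label) in enumerate(steps, 1):
            print(f"  {i}. {uri}:{line}  {label}")
    print("no path:", alerts_without_path(SAMPLE_SARIF))
```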
-
🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one of the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as
2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.
3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the

Thank you for helping bring this Discussion to a resolution! 💬
-
Select Topic Area
Question
Body
Does Git Advanced Security provide path analysis for SAST scan? And what languages does it support?