_labs/lab1.md: 5 additions & 8 deletions
@@ -37,25 +37,22 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
37
37
### Exercise 2: Enable Code Scanning
38
38
39
39
1. Next, let's enable **Code Scanning with CodeQL**. These settings are also under the **Code security** settings page.
40
-
2. Click the **Enable** button next to GitHub Advanced Security.
41
-
3. A prompt will confirm that you want to **Enable GitHub Advanced Security for this repository** - click the button.
42
-
- The prompt tells you how many GitHub Advanced Security licenses you would consume by enabling this feature - which is useful if you are an organization owner and want to ensure you have enough licenses for your organization.
43
-
4. Underneath the GitHub Advanced Security | Code Scanning heading, click the **Set up** button in the **CodeQL analysis** row.
44
-
5. There are two options: **Default** and **Advanced**. Select the **Default** option and review the settings.
40
+
2. Underneath the Code Scanning heading, click the **Set up** button in the **CodeQL analysis** row.
41
+
3. There are two options: **Default** and **Advanced**. Select the **Default** option and review the settings.
45
42
- For this lab, we will use the **Default** setup which creates a managed Actions workflow (i.e. you will not see a file committed to the repo). You can use the Advanced option to manage your code scanning workflow as a GitHub Actions workflow YAML file committed to the repo. The **Default** option is a great option to get started quickly to enable code scanning in a repository without needing to commit any additional code.
46
43
- By default, it will scan the JavaScript code, use the default CodeQL queries (for highest precision), and scan the default branch on push, pull request, and on a weekly schedule.
47
44
48
45
<details>
49
46
<imgsrc="images/lab-1-2-1.png"/>
50
47
</details>
51
48
52
-
6. Click the **Enable CodeQL** button to save the settings and enable Code Scanning.
49
+
4. Click the **Enable CodeQL** button to save the settings and enable Code Scanning.
53
50
54
51
<details>
55
52
<imgsrc="images/lab-1-2-2.png"/>
56
53
</details>
57
54
58
-
6. Ensure that **Copilot Autofix** is enabled (in the **Code Scanning --> Tools** section).
55
+
5. Ensure that **Copilot Autofix** is enabled (in the **Code Scanning --> Tools** section).
59
56
60
57
<details>
61
58
<imgsrc="images/lab-1-2-3.png"/>
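Review bot: Removing the old steps 2 and 3 (the **Enable** button for GitHub Advanced Security and the confirmation prompt) together with the license-consumption note leaves this exercise silently assuming Advanced Security is already enabled for the repository; nothing in the remaining text states that, so a reader on a repository where it is off will not find the **Set up** button in the **CodeQL analysis** row. Suggest adding a one-line prerequisite before step 1, e.g. "This exercise assumes GitHub Advanced Security is already enabled for the repository." The renumbering itself is correct and also fixes the duplicate "6." the old text used for both the **Enable CodeQL** step and the **Copilot Autofix** step. Since the screenshots (images/lab-1-2-1.png onwards) are unchanged in this hunk, confirm they no longer show the "GitHub Advanced Security | Code Scanning" heading that the old step 4 referenced.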
@@ -64,7 +61,7 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
64
61
> [!NOTE]
65
62
> You don't need a Copilot license in order to use the Copilot features with GitHub Advanced Security. However, Copilot can certainly be helpful in resolving issues in your IDE by using Copilot chat to explain the vulnerability and how to fix it.
66
63
67
-
7. Optionally, configure the **Check runs failure threshold** - by default, a pull request will be blocked if there are any high or higher security alerts.
64
+
6. Optionally, configure the **Check runs failure threshold** - by default, a pull request will be blocked if there are any high or higher security alerts.
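Review bot: Renumbering step 7 to 6 is consistent with the previous hunk, so the list now runs 1 through 6 with no gap or duplicate. Any text elsewhere in the lab that refers to these steps by number should be checked, since this change only relabels the steps inside this file.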