GitHub Advanced Security

All

97 repositories

conda-dependency-submission-action
Public
GitHub Action that scans Conda manifest files and submits their dependencies to GitHub's Dependency Graph,
dependency-graph conda dependabot dependency-graph-api
TypeScript
•
MIT License
•3•0•0•6•Updated Feb 25, 2026Feb 25, 2026
ghe-cross-instance-committers
Public
A script which will return the total number of unique de-deuped active committers across multiple GHES instances
ghas
TypeScript
•
MIT License
•5•6•2•4•Updated Feb 25, 2026Feb 25, 2026
codeql-sap-js
Public
CodeQL models for SAP JavaScript frameworks CAP, UI5 and XSJS
TypeScript
•
MIT License
•3•6•9•5•Updated Feb 25, 2026Feb 25, 2026
dismiss-alerts
Public
Dismiss GitHub Code Scanning alerts from SARIF suppression data
sarif code-scanning sast code-security ghas github-advanced-security
Java
•
MIT License
•4•19•1•4•Updated Feb 24, 2026Feb 24, 2026
component-detection-dependency-submission-action
Public
This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time.
github-actions
TypeScript
•
MIT License
•27•20•3•3•Updated Feb 24, 2026Feb 24, 2026
secret-validator-grunt
Public
Agentic validation of GitHub Secret Scanning alerts.
Python
•
MIT License
•0•0•0•0•Updated Feb 24, 2026Feb 24, 2026
codeql-development-mcp-server
Public
LLM <-- MCP --> CodeQL( AST | CFG | CLI | LSP )
mcp static-analysis ast code-quality cfg lsp code-security codeql copilot-enabled
TypeScript
•
Other
•0•6•5•0•Updated Feb 24, 2026Feb 24, 2026
github-sbom-toolkit
Public
Gather SBOMs from the GitHub Dependency Graph and report matches with packages, such as malware advisories from the GitHub Advisory Database or PURLs of your ch…
malware dependency-graph dependencies supplychain purl sbom advanced-security ghas
TypeScript
•
MIT License
•3•12•0•2•Updated Feb 23, 2026Feb 23, 2026
secret-scanning-review-action
Public
Action to detect if a secret is initially detected in a pull request
PowerShell
•
MIT License
•7•20•5•4•Updated Feb 23, 2026Feb 23, 2026
spdx-dependency-submission-action
Public
upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API
JavaScript
•
MIT License
•6•23•1•1•Updated Feb 23, 2026Feb 23, 2026
SARIF-viewer
Public
JetBrains IDE plugin for displaying SARIF from GHAS or from a local file
Kotlin
•
MIT License
•5•9•3•8•Updated Feb 23, 2026Feb 23, 2026
ghas-to-csv
Public
Play with GHAS API to provide posture data over time
csv github-actions github-advanced-security
Python
•
MIT License
•17•41•1•1•Updated Feb 23, 2026Feb 23, 2026
ghas-api-python-scripts
Public
GitHub Advanced Security scripts to interact with parts of the API, driven by a lightweight GitHub API wrapper written in Python
Python
•
MIT License
•0•5•0•0•Updated Feb 23, 2026Feb 23, 2026
reusable-workflows
Public
Advanced Security Reusable GitHub Actions Workflows
MIT License
•6•3•4•4•Updated Feb 23, 2026Feb 23, 2026
dependabot-kev-action
Public
Action to detect if any open Dependabot alerts are in the CISA Known Exploited Vulnerabilities (KEV) Catalog of CVEs and fail the workflow.
PowerShell
•
MIT License
•3•8•1•0•Updated Feb 23, 2026Feb 23, 2026
codeql-development-template
Public template
Copilot-native repository template for CodeQL query development
CodeQL
•
MIT License
•0•9•0•2•Updated Feb 23, 2026Feb 23, 2026
codeql-extractor-iac
Public
CodeQL Extractor, Library, and Queries for Infrastructure as Code
CodeQL
•
MIT License
•12•59•13•4•Updated Feb 23, 2026Feb 23, 2026
ghas-reviewer-app
Public
GitHub Advanced Security Pull Request Security Team required review GitHub App
github-app advanced-security
Python
•
MIT License
•11•36•6•4•Updated Feb 23, 2026Feb 23, 2026
sample-javascript-monorepo
Public
Detached fork of babel/babel to use as a TypeScript monorepo sample with 150+ packages using the monorepo-code-scanning-action https://github.com/advanced-secu…
TypeScript
•
MIT License
•1•0•0•6•Updated Feb 20, 2026Feb 20, 2026
ghas-seat-projection
Public
GitHub Action to get information of assess how many seats enablement of GHAS will consume when enabled on a repository
JavaScript
•
MIT License
•1•2•3•1•Updated Feb 18, 2026Feb 18, 2026
codeql-sarif-security-standard-annotator
Public
Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security stan…
TypeScript
•
MIT License
•1•10•1•2•Updated Feb 16, 2026Feb 16, 2026
codeql-scanner-vscode
Public
CodeQL Plugin for VSCode to help scan and view alerts in code
TypeScript
•
MIT License
•2•5•1•5•Updated Feb 16, 2026Feb 16, 2026
codeql-extractor-action
Public
specify a CodeQL extractor to be used in your workflows as an author of an Extractor.
Rust
•
MIT License
•0•2•1•6•Updated Feb 16, 2026Feb 16, 2026
ghas-license-utilization
Public
Optimize the utilization of GHAS licenses in an enterprise (or organization)
advanced-security ghas
Python
•
MIT License
•3•15•0•1•Updated Feb 12, 2026Feb 12, 2026
advanced-security-material
Public
security code-scanning codeql advanced-security advanced-security-training
Shell
•25•75•2•2•Updated Feb 11, 2026Feb 11, 2026
policy-as-code
Public
GitHub Advanced Security Policy as Code
Python
•
MIT License
•22•95•9•5•Updated Feb 11, 2026Feb 11, 2026
awesome-codeql
Public
A curated list of awesome CodeQL resources.
awesome awesome-list
MIT License
•9•74•1•0•Updated Feb 10, 2026Feb 10, 2026
enterprise-security-team
Public
Manage a uniform team of security managers for every organization in your enterprise
enterprise ghas
Python
•
MIT License
•6•24•0•1•Updated Feb 9, 2026Feb 9, 2026
awesome-dependabot
Public
A curated list of awesome Dependabot (and related software supply chain) resources.
awesome awesome-list
MIT License
•3•7•0•3•Updated Feb 5, 2026Feb 5, 2026
secret-scanning-tools
Public
Testing Suite for GitHub Secret Scanning Custom Patterns
secret-scanning github-advanced-security
Python
•
MIT License
•2•8•0•5•Updated Feb 2, 2026Feb 2, 2026