Skip to content

Commit b162724

Browse files
chriswblakechriswblake
authored
Update review to match updated exercise steps
1 parent 5551203 commit b162724

File tree

1 file changed

+12
-11
lines changed

1 file changed

+12
-11
lines changed

.github/steps/x-review.md

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,19 @@
11
## Review
22

3-
Here's a recap of the tasks you accomplished:
3+
Great job completing the exercise! You have now:
44

5-
- Enabled CodeQL on your repository.
6-
- CodeQL scanned the code in your repository and notified us of two SQL injection vulnerabilities.
7-
- Reviewed the findings, marked the findings as closed, and explored the audit trail.
8-
- Fixed your code in the main branch and saw that the findings automatically closed out.
9-
- Introduced a new vulnerability in a new branch.
10-
- Created a pull request, and were notified of the vulnerability.
5+
- Enabled Code Scanning with CodeQL in your repository.
6+
- Introduced and detected a vulnerability using a pull request.
7+
- Reviewed and triaged CodeQL alerts.
8+
- Fixed a security vulnerability and verified the alert was resolved.
9+
10+
By following these steps, you’ve learned how to use GitHub’s security features to keep your codebase safe. Remember, regularly reviewing and addressing security alerts is an important part of maintaining healthy projects.
1111

1212
### What's next?
1313

14-
- Continue your learning! Our [code scanning documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) is a great resource for learning more about CodeQL.
15-
- Learn more about CodeQL. Take a look at the [CodeQL documentation](https://codeql.github.com/docs/) site to learn about all of the features of this powerful tool.
1614
- [Take another Skills exercise.](https://github.com/skills).
17-
- [Read the GitHub Getting Started docs](https://docs.github.com/en/get-started).
18-
- To find projects to contribute to, check out [GitHub Explore](https://github.com/explore).
15+
- Visit the [CodeQL documentation](https://codeql.github.com/docs/) to learn about about customizing your code scanning.
16+
- Check out the [code scanning documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) to learn about connecting 3rd party scanning tools
17+
- Explore the [CodeQL CLI & VS Code extension](https://codeql.github.com/docs/codeql-cli/) to run and write custom queries locally.
18+
- Read the [triaging code scanning alerts guide](https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests) for best practices on investigating alerts.
19+
- Learn about [advanced CodeQL query features](https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query) to build complex custom analyses.

0 commit comments

Comments
 (0)