Code Scanning a GitHub Repository using GitHub Advanced Security within an Azure DevOps Pipeline by Kevin Alwell


GitHub Advanced Security now supports the ability to analyze your code for semantic vulnerabilities from within your third-party CI pipelines. Previously, this capability was available exclusively with GitHub Actions. In this post, I will walk you through a simple implementation of GitHub Advanced Security Code Scanning in an Azure DevOps CI pipeline with a node application using the YAML editor. The Code Scanning results will resurface after the scan back in your GitHub repository under the Security tab for your developers to review and remediate.If your organization does not have GitHub Advanced Security enabled, you will not see “Code scanning alerts” or “Detected secrets”. Rather than leveraging the native GitHub Actions workflow with the standard “Set Up Workflow” experience we are going to use an Azure DevOps pipeline.   Navigate to your Azure DevOps pipeline to begin integrating CodeQL.     The Azure Pipelines Agent I am using is ephemeral....

December 31, 2020
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.