How to set up a GitHub Action for code security analysis

  1. Configure GitHub Actions in the Settings tab of the repository that needs to be scanned. Select the desired setting and save.

  2. Now visit "Code security and analysis" in the Security section of Settings. You will see that code scanning is available to set up.

  3. Click "Explore workflows" to see all of the available code scanning tool options.

  4. Select the desired code scanning tool and edit the drafted YAML file if needed. For this example the following tool was selected:

Note: GitHub attempts to detect the language the repository is written in. Notice above that GitHub has already detected that easybuggy is a Java app and added that language on line 40 of the workflow file in the screenshot.

  5. Ensure that GitHub has detected the correct language for scanning and edit the YAML accordingly.

  6. Configure the push and pull-request branches that trigger scanning based on your needs.

  7. Click "Commit changes" on the right of the screen.

  8. Select "Create a new branch..." so that the workflow is committed to a new branch first; if GitHub's Autobuild feature doesn't work as intended, the failing workflow never reaches the default branch.

  9. Click "Propose changes" to draft the pull request and add a description if needed.

  10. Click "Create pull request" to start the job.

  11. Visit the Actions tab when the job is complete to see the workflow runs.

  12. Select the run and check whether the build completed without issues.

  13. If the job fails, the Autobuild process may need adjustments. Autobuild runs the standard build for the detected language, so it fails when your application uses a different or custom build process. Correct this by replacing the Autobuild step with the explicit build commands in the YAML file.

  14. Once the job completes, click into the run to see the stages of the build and analysis.

  15. Now go to Pull requests and merge the request into the master branch so that the scan runs on master and its results are published.

  16. Go to the Security tab and select "Code scanning" to see the results of the scan.

  17. From now on, every pull request opened against the master branch is scanned, so any issues in the code are shown before merging.
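As an added example (not the page's own drafted file, which only the missing screenshot showed), this is a workflow of the kind the steps above produce. It assumes the tool selected in step 4 was GitHub's CodeQL workflow, that the detected language is java (as for easybuggy), and that master is the branch being protected; the action names, version tags and the Maven command in the commented-out fallback are assumptions, not taken from the page.

```yaml
# Added example of a CodeQL workflow, saved as .github/workflows/codeql.yml.
# Assumptions: tool = CodeQL, language = java, protected branch = master.
name: "CodeQL"

on:
  # Step 6: scan on pushes to master and on every pull request targeting master.
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # Least privilege for the GITHUB_TOKEN: the job only needs to read the
    # repository and write code-scanning results (SARIF) to the Security tab.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        # Step 5: the language GitHub detected; add more entries for polyglot repos.
        language: [ 'java' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Autobuild attempts the standard build for the detected language
      # (for Java: Maven or Gradle). This is the step that fails in step 13
      # when the project uses a custom build.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # Step 13 fix: if Autobuild fails, delete the step above and run the
      # project's real build instead, e.g. (assumed Maven command):
      # - name: Build
      #   run: mvn -B -DskipTests package

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

The `permissions` block is the part worth keeping even if the rest of the template changes: without `security-events: write` the analysis step cannot upload results to the Security tab, and granting nothing beyond `contents: read` limits what a compromised action in this job could do to the repository. For the same supply-chain reason, pinning the `uses:` references to a full commit SHA instead of a floating tag is a common hardening step.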
