Repositories list

• sample-javascript-monorepo

  Public
  TypeScript

  •

  MIT License

  •0•0•0•10•Updated Mar 28, 2025Mar 28, 2025

• monorepo-code-scanning-action

  Public
  Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define

  actionsmonoreposast+ 3codeqladvanced-securitycode-scanning-ready

  JavaScript

  •

  MIT License

  •0•6•3•2•Updated Mar 27, 2025Mar 27, 2025

• codeql-development-toolkit

  Public
  The CodeQL Development toolkit is a tool for making common CodeQL development workflows easier.

  C#

  •

  MIT License

  •2•8•9•0•Updated Mar 27, 2025Mar 27, 2025

• codeql-bundle

  Public
  CLI to build a custom CodeQL bundle

  Python

  •

  MIT License

  •4•10•3•1•Updated Mar 27, 2025Mar 27, 2025

• codeql-sap-js

  Public
  CodeQL models for SAP JavaScript frameworks CAP, UI5 and XSJS

  CodeQL

  •

  MIT License

  •1•5•4•3•Updated Mar 26, 2025Mar 26, 2025

• generate-sbom-action

  Public
  An Action to wrap creating an SBOM via REST API

  TypeScript

  •

  MIT License

  •4•18•0•10•Updated Mar 24, 2025Mar 24, 2025

• monorepo-filtering-workaround

  Public
  A monorepo filtering workaround for GitHub Advanced Security Code Scanning using renaming of the scanning tool in an Actions workflow

  monoreposarifcode-scanning+ 5sastactions-workflowcodeqladvanced-securityghas

  Java

  •

  MIT License

  •6•10•1•2•Updated Mar 24, 2025Mar 24, 2025

• spdx-dependency-submission-action

  Public
  upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API

  JavaScript

  •

  MIT License

  •4•12•2•5•Updated Mar 24, 2025Mar 24, 2025

• reusable-workflows

  Public
  Advanced Security Reusable GitHub Actions Workflows

  MIT License

  •6•3•4•3•Updated Mar 24, 2025Mar 24, 2025

• codeql-summarize

  Public
  CodeQL Summary Generator

  Python

  •

  MIT License

  •2•7•2•1•Updated Mar 24, 2025Mar 24, 2025

• policy-as-code

  Public
  GitHub Advanced Security Policy as Code

  Python

  •

  MIT License

  •18•81•12•4•Updated Mar 24, 2025Mar 24, 2025

• ghas-bootcamp

  Public template
  Java

  •3•10•0•2•Updated Mar 21, 2025Mar 21, 2025

• ghas-workshop

  Public template
  Java

  •11•8•1•2•Updated Mar 21, 2025Mar 21, 2025

• awesome-codeql

  Public
  A curated list of awesome CodeQL resources.

  awesomeawesome-list

  MIT License

  •2•34•0•0•Updated Mar 21, 2025Mar 21, 2025

• codeql-extractor-iac

  Public
  CodeQL Extractor, Library, and Queries for Infrastructure as Code

  CodeQL

  •

  MIT License

  •6•47•16•3•Updated Mar 21, 2025Mar 21, 2025

• SARIF-viewer

  Public
  JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

  Kotlin

  •

  MIT License

  •3•9•3•1•Updated Mar 20, 2025Mar 20, 2025

• sample-codeql-pipeline-config

  Public
  Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning

  MIT License

  •11•19•0•2•Updated Mar 17, 2025Mar 17, 2025

• conda-dependency-submission-action

  Public
  TypeScript

  •

  MIT License

  •3•0•0•6•Updated Mar 17, 2025Mar 17, 2025

• python-lint-code-scanning-action

  Public
  Lint and type check Python with your choice of popular linters, and upload results to GitHub Code Scanning

  Python

  •

  MIT License

  •3•0•3•0•Updated Mar 11, 2025Mar 11, 2025

• ghas-reviewer-app

  Public
  GitHub Advanced Security Pull Request Security Team required review GitHub App

  github-appadvanced-security

  Python

  •

  MIT License

  •10•35•5•3•Updated Mar 6, 2025Mar 6, 2025

• codeql_container_example

  Public
  This repository serves as an exemplary resource demonstrating how to set up CodeQL to scan containerized applications for vulnerabilities. Its primary objective is to showcase the implementation of CodeQL in the code scanning process.

  containerscodeqlcodescanning

  TypeScript

  •

  MIT License

  •2•1•0•1•Updated Mar 6, 2025Mar 6, 2025

• ghe-cross-instance-committers

  Public
  A script which will return the total number of unique de-deuped active committers across multiple GHES instances

  ghas

  TypeScript

  •

  MIT License

  •4•6•2•1•Updated Mar 1, 2025Mar 1, 2025

• ghas-seat-projection

  Public
  GitHub Action to get information of assess how many seats enablement of GHAS will consume when enabled on a repository

  JavaScript

  •

  MIT License

  •1•1•3•0•Updated Feb 27, 2025Feb 27, 2025

• component-detection-dependency-submission-action

  Public
  TypeScript

  •

  MIT License

  •6•16•5•6•Updated Feb 24, 2025Feb 24, 2025

• secret-scanning-review-action

  Public
  Action to detect if a secret is initially detected in a pull request

  Python

  •

  MIT License

  •3•15•6•2•Updated Feb 24, 2025Feb 24, 2025

• secret-scanning-custom-patterns

  Public
  Examples of Custom Secret Scanning Patterns

  regexregex-patternssecret-scanning+ 1github-advanced-security

  HTML

  •

  MIT License

  •24•158•6•1•Updated Feb 21, 2025Feb 21, 2025

• gh-ghas-audit

  Public
  GitHub CLI extension to audit GHAS and code scanning setup for one or more organizations and repositories.

  Go

  •

  MIT License

  •0•2•0•0•Updated Feb 11, 2025Feb 11, 2025

• sbom-generator-action

  Public archive
  JavaScript

  •

  MIT License

  •5•15•3•0•Updated Feb 7, 2025Feb 7, 2025

• cocoapods-dependency-submission-action

  Public
  CocoaPods Lockfile Dependency Submission Action

  Python

  •

  MIT License

  •3•5•2•0•Updated Feb 3, 2025Feb 3, 2025

• advanced-security-material

  Public
  code-scanningcodeqladvanced-security+ 2advanced-security-trainingsecurity

  Shell

  •25•70•0•2•Updated Jan 28, 2025Jan 28, 2025