GitHub Advanced Security

All

95 repositories

dismiss-alerts
Public
Dismiss GitHub Code Scanning alerts from SARIF suppression data
sarif code-scanning sast code-security ghas github-advanced-security
Java
•
MIT License
•4•18•1•7•Updated Jan 15, 2026Jan 15, 2026
conda-dependency-submission-action
Public
GitHub Action that scans Conda manifest files and submits their dependencies to GitHub's Dependency Graph,
dependency-graph conda dependabot dependency-graph-api
TypeScript
•
MIT License
•3•0•0•6•Updated Jan 15, 2026Jan 15, 2026
codeql-sap-js
Public
CodeQL models for SAP JavaScript frameworks CAP, UI5 and XSJS
TypeScript
•
MIT License
•3•6•10•6•Updated Jan 15, 2026Jan 15, 2026
component-detection-dependency-submission-action
Public
TypeScript
•
MIT License
•24•18•4•2•Updated Jan 13, 2026Jan 13, 2026
spdx-dependency-submission-action
Public
upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API
JavaScript
•
MIT License
•6•20•1•2•Updated Jan 13, 2026Jan 13, 2026
awesome-codeql
Public
A curated list of awesome CodeQL resources.
awesome awesome-list
MIT License
•9•66•1•1•Updated Jan 12, 2026Jan 12, 2026
secret-scanning-review-action
Public
Action to detect if a secret is initially detected in a pull request
PowerShell
•
MIT License
•7•18•5•3•Updated Jan 12, 2026Jan 12, 2026
reusable-workflows
Public
Advanced Security Reusable GitHub Actions Workflows
MIT License
•6•3•3•4•Updated Jan 12, 2026Jan 12, 2026
codeql-sarif-security-standard-annotator
Public
Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard
TypeScript
•
MIT License
•1•10•1•3•Updated Jan 12, 2026Jan 12, 2026
codeql-summarize
Public
CodeQL Summary Generator
Python
•
MIT License
•2•7•2•2•Updated Jan 12, 2026Jan 12, 2026
sample-javascript-monorepo
Public
Detached fork of babel/babel to use as a TypeScript monorepo sample with 150+ packages using the monorepo-code-scanning-action https://github.com/advanced-security/monorepo-code-scanning-action
TypeScript
•
MIT License
•0•0•0•6•Updated Jan 9, 2026Jan 9, 2026
flake8-sarif-formatter
Public
Format Flake8 results as SARIF for input to SAST tools such as GitHub Code Scanning
Python
•
MIT License
•2•2•1•0•Updated Jan 9, 2026Jan 9, 2026
ghas-to-csv
Public
Play with GHAS API to provide posture data over time
csv github-actions github-advanced-security
Python
•
MIT License
•18•40•2•0•Updated Jan 9, 2026Jan 9, 2026
ghas-reviewer-app
Public
GitHub Advanced Security Pull Request Security Team required review GitHub App
github-app advanced-security
Python
•
MIT License
•10•36•6•2•Updated Jan 8, 2026Jan 8, 2026
brew-dependency-submission-action
Public
Brew Lockfile Dependency Submission Action
homebrew brew actions
Python
•
MIT License
•4•3•1•3•Updated Jan 8, 2026Jan 8, 2026
codeql-dependency-graph-action
Public
CodeQL <-> Dependency Graph Actions
Python
•
MIT License
•1•0•0•1•Updated Jan 8, 2026Jan 8, 2026
secret-scanning-tools
Public
Testing Suite for GitHub Secret Scanning Custom Patterns
secret-scanning github-advanced-security
Python
•
MIT License
•2•8•0•3•Updated Jan 8, 2026Jan 8, 2026
set-codeql-language-matrix
Public
Automatically set the CodeQL matrix job using the languages in your repository.
codeql
Python
•
MIT License
•10•16•4•1•Updated Jan 8, 2026Jan 8, 2026
cocoapods-dependency-submission-action
Public
CocoaPods Lockfile Dependency Submission Action
Python
•
MIT License
•3•5•2•3•Updated Jan 8, 2026Jan 8, 2026
gradle-lock-dependency-submission-action
Public
Gradle Lockfile Dependency Submission Action
Python
•
MIT License
•1•2•0•1•Updated Jan 8, 2026Jan 8, 2026
sarif-toolkit
Public
All things SARIF, as an Action
Python
•
MIT License
•3•4•4•3•Updated Jan 8, 2026Jan 8, 2026
cbom-action
Public
Create a Crypto Bill of Materials using CodeQL
Python
•
MIT License
•19•13•2•1•Updated Jan 8, 2026Jan 8, 2026
codeql-extractor-iac
Public
CodeQL Extractor, Library, and Queries for Infrastructure as Code
CodeQL
•
MIT License
•12•57•13•3•Updated Jan 5, 2026Jan 5, 2026
monorepo-code-scanning-action
Public
Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define
actions monorepo sast codeql advanced-security code-scanning-ready
JavaScript
•
MIT License
•4•11•11•1•Updated Jan 4, 2026Jan 4, 2026
slack-secret-scanning-notifier-azure-function
Public
Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
slack-bot secret-scanning github-advanced-security
TypeScript
•
MIT License
•2•3•3•1•Updated Jan 1, 2026Jan 1, 2026
teams-secret-scanning-notifier-azure-function
Public
Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function
github-app security-team azure-function secret-scanning github-advanced-security microsoft-teams-bot
TypeScript
•
MIT License
•1•8•1•1•Updated Jan 1, 2026Jan 1, 2026
crypto-bill-of-materials-data
Public
Generate a Crypto Bill of Materials using CodeQL
TypeScript
•
MIT License
•3•2•0•1•Updated Jan 1, 2026Jan 1, 2026
GSSAR
Public
GitHub Secret Scanning Auto Remediator (GSSAR)
github javascript aws typescript remediation secret-scanning
TypeScript
•
MIT License
•11•46•2•1•Updated Jan 1, 2026Jan 1, 2026
ghe-cross-instance-committers
Public
A script which will return the total number of unique de-deuped active committers across multiple GHES instances
ghas
TypeScript
•
MIT License
•5•6•2•3•Updated Jan 1, 2026Jan 1, 2026
SARIF-viewer
Public
JetBrains IDE plugin for displaying SARIF from GHAS or from a local file
Kotlin
•
MIT License
•5•8•3•2•Updated Dec 31, 2025Dec 31, 2025