Code Vulnerability Scanning Demo

This is a demo project for testing automatic code scanning and reporting.

⚠️ Not for production use.

Results are available in the Actions log and are also pushed to GitHub code scanning alerts when Advanced Security is available. Checks do not fail if pushing is not possible (for example, because of a missing license).
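The wiring described above, as an added example that is not one of this project's own workflow files: a GitHub Actions job runs gosec with `-no-fail` (so findings land in the Actions log without failing the check), writes SARIF, and then uploads it to code scanning with `continue-on-error: true` so a failed upload (no Advanced Security license, no `security-events` permission) does not fail the job either. The job name, file name `gosec.sarif` and the trigger events are assumptions; the actions and flags used (`securego/gosec`, `github/codeql-action/upload-sarif`, gosec's `-no-fail`, `-fmt sarif`, `-out`) are real.

```yaml
# Constructed example workflow (not the project's own): run gosec, keep results
# in the Actions log, and push them to code scanning only if that is possible.
name: scan-go

on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # required for the SARIF upload to create alerts

jobs:
  gosec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # -no-fail: report findings but never return a non-zero exit code,
      # so the check itself does not fail on a finding.
      - name: Run gosec (results printed to the Actions log)
        uses: securego/gosec@master
        with:
          args: '-no-fail -fmt sarif -out gosec.sarif ./...'

      # continue-on-error keeps the job green when the upload is rejected,
      # e.g. on a repository without GitHub Advanced Security.
      - name: Upload SARIF to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        continue-on-error: true
        with:
          sarif_file: gosec.sarif
```

The same two-step pattern (scanner emits SARIF, upload step is allowed to fail) applies to the other scanners listed below that can write SARIF; only the scanner step changes.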

Supported Scanners

Examples

Go

  • gosec: Static code analysis, reports known bad code patterns
  • govulncheck: Dependency vulnerability reporting based on static code analysis (can also scan compiled binaries)
  • CodeQL: Static analysis

Python

  • bandit: Static analysis
  • CodeQL: Static analysis
  • pip-audit: Dependency vulnerability reporting

Terraform

  • tfsec: Best practice and risk scanning
  • checkov: Best practice and risk scanning

Bicep

  • checkov: Best practice and risk scanning