{"id":17087225,"url":"https://github.com/nvdaes/skills-introduction-to-codeql","last_synced_at":"2026-04-17T05:03:35.618Z","repository":{"id":249414350,"uuid":"831455996","full_name":"nvdaes/skills-introduction-to-codeql","owner":"nvdaes","description":"GitHub Skills: Introduction to CodeQL","archived":false,"fork":false,"pushed_at":"2024-07-20T15:49:13.000Z","size":2514,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-14T18:59:37.228Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nvdaes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-20T15:48:13.000Z","updated_at":"2024-07-20T15:48:42.000Z","dependencies_parsed_at":"2024-07-20T17:02:38.005Z","dependency_job_id":"a8ec8412-8d92-4bd7-95b2-63139fa6075e","html_url":"https://github.com/nvdaes/skills-introduction-to-codeql","commit_stats":null,"previous_names":["nvdaes/skills-introduction-to-codeql"],"tags_count":0,"template":false,"template_full_name":"skills/introduction-to-codeql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nvdaes%2Fskills-introduction-to-codeql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nvdaes%2Fskills-introduction-to-codeql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nvdaes%2Fskills-introduction-to-codeql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nvda
es%2Fskills-introduction-to-codeql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nvdaes","download_url":"https://codeload.github.com/nvdaes/skills-introduction-to-codeql/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245119574,"owners_count":20563763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-14T13:31:51.096Z","updated_at":"2026-04-17T05:03:35.582Z","avatar_url":"https://github.com/nvdaes.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cheader\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Course header \u003e\u003e\u003e\n  Read \u003chttps://skills.github.com/quickstart\u003e for more information about how to build courses using this template.\n  Include a 1280×640 image, course name in sentence case, and a concise description in emphasis.\n  In your repository settings: enable template repository, add your 1280×640 social image, auto delete head branches.\n  Next to \"About\", add description \u0026 tags; disable releases, packages, \u0026 environments.\n  Add your open source license, GitHub uses the MIT license.\n--\u003e\n\n# Enable CodeQL to secure your source code\n\n_Ensuring the security of application source code is a critical step in modern software development. 
In this GitHub Skills course, you will learn to use GitHub code scanning to identify, resolve, and prevent insecure coding patterns._\n\n\u003c/header\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Step 1 \u003e\u003e\u003e\n  Choose 3-5 steps for your course.\n  The first step is always the hardest, so pick something easy!\n  Link to docs.github.com for further explanations.\n  Encourage users to open new tabs for steps!\n  TBD-step-1-notes.\n--\u003e\n\n## Step 1: Enable CodeQL\n\n👋 Hello! Welcome to the GitHub Skills course: Enable code scanning! \n\nLet's get started!  \n\nIn this first step, we'll be learning more about CodeQL and how to use it to secure your source code. \n\n**What is GitHub code scanning**: _[Code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)_ is a capability that allows development teams to integrate security testing tools into the software development process. This is done using GitHub Actions. With code scanning, you can integrate many different types of tools including SAST, container, and infrastructure as code security tools.\n\n**What is CodeQL**: _[CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)_ is a static analysis testing tool that helps you identify security weaknesses such as SQL injection, cross-site scripting, and code injection issues.\n\n### :keyboard: Activity: Enable code scanning with CodeQL\n  \nFirst, we will enable code scanning with CodeQL in our repository.\n\n1. Open a new browser tab, and work on the steps in your second tab while you read the instructions in this tab.\n2. Navigate to the **Settings** tab at the top of your newly created repository.\n3. Under the **Security** section on the left side, select **Code security and analysis**.\n4. Scroll down to the section titled **Code scanning**. 
For the purpose of this course, we will focus on CodeQL analysis.\n5. Click on the **Set up** dropdown menu and choose **Default**.\n![enable-code-scanning-default.png](/images/enable-code-scanning-default.png)\n\nLet's take a look at the configuration options in the modal:\n  \n  - **Languages to analyze:** These are the languages that will be scanned by CodeQL. In this case, we will be scanning in `Python`.  \n  - **Query suites:** CodeQL [queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries) are packaged in bundles called \"suites\". This section allows you to choose which query suite to use.  We'll leave this set as **Default** for this exercise. For more information, see \"[About CodeQL queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries).\" \n  - **Events:** This section tells CodeQL when to scan. In this case, it's set to scan on any pull request to the `main` branch.\n    \n![codeql-default-configuration-box.png](/images/codeql-default-configuration-box.png)\n\n6. Click **Enable CodeQL**\n7. Wait about 20 seconds then refresh this page (the one you're following instructions from). 
[GitHub Actions](https://docs.github.com/en/actions) will automatically update to the next step.\n\n\u003cfooter\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Footer \u003e\u003e\u003e\n  Add a link to get support, GitHub status page, code of conduct, license link.\n--\u003e\n\n---\n\nGet help: [Post in our discussion board](https://github.com/orgs/skills/discussions/categories/introduction-to-codeql) \u0026bull; [Review the GitHub status page](https://www.githubstatus.com/)\n\n\u0026copy; 2023 GitHub \u0026bull; [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) \u0026bull; [MIT License](https://gh.io/mit)\n\n\u003c/footer\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnvdaes%2Fskills-introduction-to-codeql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnvdaes%2Fskills-introduction-to-codeql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnvdaes%2Fskills-introduction-to-codeql/lists"}