@advanced-security

GitHub Advanced Security

Home of Advanced Security solutions that we can share with the world

Welcome to the GitHub Advanced Security Organisation! 👋

This organisation contains open source initiatives created by developers at GitHub (and around the world) to show the art of the possible with advanced security. :octocat: 💻

GitHub Advanced Security consists of CodeQL, Code Scanning, Secret Scanning, Security Overview and Dependency Review. A core principle of each of these solutions is that it is automated and can be integrated via APIs and webhooks. In this organisation, you will find starter kits, actions, custom queries and bundles, scripts and full-blown solutions that show how you can integrate with GitHub Advanced Security (GHAS).

In comparison to the official GitHub organisation, a lot of the software you find here is developed on a best-effort basis. These are open-source solutions developed outside of core responsibilities, intended for you to use and consume as you would any standard open-source software. 👐

We love contributions and feedback from you! So please feel free to open pull requests and issues whenever you can! 💕

Welcome, and we hope you find what is here useful 🙇

Pinned

  1. awesome-codeql Public

    A curated list of awesome CodeQL resources.

    80 8

  2. awesome-secret-scanning Public

    A curated list of awesome GitHub Advanced Security secret scanning resources.

    PowerShell 15 4

  3. secret-scanning-custom-patterns Public

    Examples of Custom Secret Scanning Patterns for use with GitHub Secret Protection/Advanced Security

    HTML 171 28

  4. awesome-dependabot Public

    A curated list of awesome Dependabot (and related software supply chain) resources.

    10 3

  5. advanced-security-material Public

    Shell 77 26

Repositories

Showing 10 of 97 repositories
  • spdx-dependency-submission-action Public

    upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API

    JavaScript 24 MIT 6 4 4 Updated Apr 20, 2026
  • codeql-development-mcp-server Public

    LLM <-- MCP --> CodeQL( AST | CFG | CLI | LSP )

    TypeScript 19 2 6 1 Updated Apr 20, 2026
  • maven-dependency-submission-action Public

    GitHub Action for submitting Maven dependencies

    TypeScript 58 MIT 37 15 3 Updated Apr 20, 2026
  • codeql-scanner-vscode Public

    CodeQL Plugin for VSCode to help scan and view alerts in code

    TypeScript 5 MIT 2 1 5 Updated Apr 20, 2026
  • component-detection-dependency-submission-action Public

    This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time.

    TypeScript 20 MIT 30 4 6 Updated Apr 20, 2026
  • codeql-development-template Public template

    Copilot-native repository template for CodeQL query development

    CodeQL 9 MIT 0 1 1 Updated Apr 20, 2026
  • codeql-sarif-security-standard-annotator Public

    Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard

    TypeScript 10 MIT 1 1 3 Updated Apr 20, 2026
  • secret-scanning-notifications Public

    A GitHub Action that sends email notifications to security manager team for any new or resolved secret scanning alerts based on a set frequency

    TypeScript 1 MIT 3 0 13 Updated Apr 20, 2026
  • conda-dependency-submission-action Public

    GitHub Action that scans Conda manifest files and submits their dependencies to GitHub's Dependency Graph,

    TypeScript 1 MIT 3 0 8 Updated Apr 20, 2026
  • codeql-extractor-action Public

    specify a CodeQL extractor to be used in your workflows as an author of an Extractor.

    Rust 2 MIT 0 1 9 Updated Apr 20, 2026
