
configuring-code-scanning-for-your-appliance.md 10 KB

title: Configuring code scanning for your appliance
shortTitle: Configuring code scanning
intro: You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.
product: {% data reusables.gated-features.code-scanning %}
miniTocMaxHeadingLevel: 4
redirect_from: [/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance]
versions: [{enterprise-server >=2.22}]

{% data reusables.code-scanning.beta %}

About {% data variables.product.prodname_code_scanning %}

{% data reusables.code-scanning.about-code-scanning %}

The table below summarizes the available types of analysis for {% data variables.product.prodname_code_scanning %}, and provides links on enabling the feature for individual repositories.

{% data reusables.code-scanning.enabling-options %}

As a site administrator, you must enable this feature for the whole appliance before the users of {% data variables.product.product_location %} can enable and use {% data variables.product.prodname_code_scanning %} in their repositories.

How do I know if {% data variables.product.prodname_code_scanning %} is enabled for my appliance?

{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %}

  1. Check if there is an {% data variables.product.prodname_advanced_security %} entry in the left sidebar.
     [Image: Advanced Security sidebar]

{% data reusables.enterprise_management_console.advanced-security-license %}

Enabling {% data variables.product.prodname_code_scanning %}

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.advanced-security-tab %}

  1. Under "{% data variables.product.prodname_advanced_security %}," click {% data variables.product.prodname_code_scanning_capc %}.
     [Image: Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}]
     {% data reusables.enterprise_management_console.save-settings %}

Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}

Setting up a self-hosted runner

{% data variables.product.prodname_ghe_server %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "About self-hosted runners" and "Adding self-hosted runners."

You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.

{% if currentVersion == "enterprise-server@2.22" %}

Provisioning the actions

To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate actions must be available locally. You can make the actions available in three ways.

  • Recommended: You can use {% data variables.product.prodname_github_connect %} to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}."
  • If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at https://github.com/github/codeql-action-sync-tool. You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
  • You can create a local copy of an action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository that contains the action. For example, if you want to use the actions for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can create a repository in your instance called github/codeql-action, then clone the repository from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's github/codeql-action repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's github/codeql-action repository as releases.
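
The clone-and-push step of the third option, as an added example that is not part of the original documentation. The function names and the `HOSTNAME` placeholder are assumptions, and the `refs_match` check goes beyond the text: it confirms that the copy on your instance advertises the same commit IDs as the source. The target repository must already exist on your instance, and releases still have to be uploaded separately.

```shell
#!/usr/bin/env bash
# Added example: copy an action repository to your instance and verify the copy.
# Intended use (HOSTNAME is a placeholder for your instance):
#   mirror_action https://github.com/github/codeql-action.git \
#                 https://HOSTNAME/github/codeql-action.git
#   refs_match    https://github.com/github/codeql-action.git \
#                 https://HOSTNAME/github/codeql-action.git

# mirror_action SRC DST
# Clone every branch and tag from SRC and push them to DST.
# A bare clone fetches only refs/heads/* and refs/tags/*, so server-side
# refs such as refs/pull/* are never offered to the destination.
# The push is not forced: a rewritten branch or a moved tag is rejected and
# the function fails, so the change gets reviewed instead of silently applied.
mirror_action() {
  local src=$1 dst=$2 work rc
  work=$(mktemp -d) || return 1
  if git clone --quiet --bare "$src" "$work/action.git" &&
     git -C "$work/action.git" push --quiet "$dst" \
       'refs/heads/*:refs/heads/*' 'refs/tags/*:refs/tags/*'; then
    rc=0
  else
    rc=1
  fi
  rm -rf "$work"
  return "$rc"
}

# refs_match SRC DST
# Succeed only if both remotes advertise identical branch and tag commit IDs.
# An empty listing (unreachable remote, empty repository) counts as a mismatch.
refs_match() {
  local a b
  a=$(git ls-remote --heads --tags "$1" | sort)
  b=$(git ls-remote --heads --tags "$2" | sort)
  [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Run `refs_match` again whenever you suspect the local copy has drifted from the source; a non-zero exit status means the two sets of refs differ.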

Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}

  1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "Enabling {% data variables.product.prodname_github_connect %}."
  2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_server %}."
  3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}."
  4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "Adding self-hosted runners."

{% endif %}

{% if currentVersion ver_gt "enterprise-server@2.22" %}

Configuring {% data variables.product.prodname_codeql %} on a server without internet access

If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, and you want to allow users to enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} for their repositories, you must use the {% data variables.product.prodname_codeql %} Action sync tool to copy the {% data variables.product.prodname_codeql %} actions and query bundle from {% data variables.product.prodname_dotcom_the_website %} to your server. The tool, and details of how to use it, are available at https://github.com/github/codeql-action-sync-tool.

{% endif %}

Enabling code scanning for individual repositories

After you configure a self-hosted runner, {% if currentVersion == "enterprise-server@2.22" %}and provision the actions,{% endif %} users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "Setting up {% data variables.product.prodname_code_scanning %} for a repository."

Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}

If you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}.

The {% data variables.product.prodname_codeql_runner %} is a command-line tool that you can add to your third-party CI/CD system. The tool runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. For more information, see "Running {% data variables.product.prodname_code_scanning %} in your CI system."

Disabling {% data variables.product.prodname_code_scanning %}

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.advanced-security-tab %}

  1. Under "{% data variables.product.prodname_advanced_security %}", unselect {% data variables.product.prodname_code_scanning_capc %}.
     [Image: Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}]
     {% data reusables.enterprise_management_console.save-settings %}