New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Research: Github Code Scanning #134

Open

baruchiro opened this issue Jul 13, 2023 · 0 comments

Labels

Contributor

baruchiro commented Jul 13, 2023 •

edited

Loading

This research should consider the entire flow of Github Code Scanning.

When are we identifying the secret in the first place? In a PR?
How does a finding in a PR become to be a Code Scanning issue (in the Security tab)?
How to dismiss a finding? What if the user deleted it in a commit, but didn't remove it from the history? Is it will still be considered a Code Scanning issue?

for example

Originally posted by @jossef in #128 (comment)

Check the possibility of uploading a report to mark the secret on the code, like in Kics.

See why gitleaks not using Github Code Scanning.

But we can do annotations like in Kics.

Originally posted by @baruchiro in #39 (comment)

The text was updated successfully, but these errors were encountered:

baruchiro added the enhancement label

baruchiro mentioned this issue

Adjust SARIF format to Github Code Scanning #128

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment