Skip to content
@advanced-security

GitHub Advanced Security

Home of Advanced Security solutions that we can share with the world
README.md

Welcome to the GitHub Advanced Security Organisation! 👋

This organisation contains open source initiatives created by developers at GitHub (and around the world) to show the art of the possible with advanced security. :octocat: 💻

GitHub Advanced Security consists of CodeQL, Code Scanning, Secret Scanning, Security Overview and Dependency Review. A core principle of each of these solutions is being automated and integrable via API's and Webhooks. In this organisation, you will find starter kits, actions, custom queries and bundles, scripts and full-blown solutions that show off how you can integrate into GitHub Advanced Security (GHAS).

In comparison to the official GitHub organisation, a lot of the software you find here is developed as a best effort. These are open-source solutions developed outside of core responsibilities but with the aim for you to leverage and consume as you would any standard open-source software. 👐

We love contributions and feedback from you! So please feel free to open pull requests and issues as you can! 💕

Welcome and we hope what you find here useful 🙇

Pinned Loading

  1. secret-scanning-custom-patterns secret-scanning-custom-patterns Public

    Examples of Custom Secret Scanning Patterns

    HTML 160 24

  2. advanced-security-material advanced-security-material Public

    Shell 71 25

  3. awesome-codeql awesome-codeql Public

    A curated list of awesome CodeQL resources.

    36 2

  4. awesome-secret-scanning awesome-secret-scanning Public

    A curated list of awesome GitHub Advanced Security secret scanning resources.

    10 1

  5. awesome-dependabot awesome-dependabot Public

    A curated list of awesome Dependabot (and related software supply chain) resources.

    3 1

Repositories

Showing 10 of 89 repositories
  • dismiss-alerts Public
    advanced-security/dismiss-alerts’s past year of commit activity
    Java 14 MIT 3 2 6 Updated Apr 8, 2025
  • reusable-workflows Public

    Advanced Security Reusable GitHub Actions Workflows

    advanced-security/reusable-workflows’s past year of commit activity
    3 MIT 4 4 3 Updated Apr 8, 2025
  • spdx-dependency-submission-action Public

    upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API

    advanced-security/spdx-dependency-submission-action’s past year of commit activity
    JavaScript 12 MIT 4 2 4 Updated Apr 8, 2025
  • policy-as-code Public

    GitHub Advanced Security Policy as Code

    advanced-security/policy-as-code’s past year of commit activity
    Python 82 MIT 19 12 4 Updated Apr 8, 2025
  • ghas-reviewer-app Public

    GitHub Advanced Security Pull Request Security Team required review GitHub App

    advanced-security/ghas-reviewer-app’s past year of commit activity
    Python 35 MIT 10 5 0 Updated Apr 8, 2025
  • spotbugs-findsecbugs-action Public

    Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning

    advanced-security/spotbugs-findsecbugs-action’s past year of commit activity
    6 MIT 5 1 0 Updated Apr 8, 2025
  • codeql-sarif-security-standard-annotator Public

    Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security standard

    advanced-security/codeql-sarif-security-standard-annotator’s past year of commit activity
    TypeScript 8 MIT 1 1 11 Updated Apr 8, 2025
  • secret-scanning-notifications Public

    A GitHub Action that sends email notifications to security manager team for any new or resolved secret scanning alerts based on a set frequency

    advanced-security/secret-scanning-notifications’s past year of commit activity
    TypeScript 1 MIT 3 0 7 Updated Apr 8, 2025
  • maven-dependency-submission-action Public

    GitHub Action for submitting Maven dependencies

    advanced-security/maven-dependency-submission-action’s past year of commit activity
    TypeScript 49 MIT 26 13 7 Updated Apr 7, 2025
  • component-detection-dependency-submission-action Public
    advanced-security/component-detection-dependency-submission-action’s past year of commit activity
    TypeScript 17 MIT 7 4 1 Updated Apr 7, 2025
View all repositories

Most used topics

Loading…