Code Vulnerability Scanning Demo

This is a demo project to test automatic code scanning and reporting

⚠️ Not for production use.

Results are available in Action log, but are also pushed to GitHub code scanning alerts if Advanced Security is available. Checks will not fail if pushing is not possible (due to missing license etc).

Supported Scanners

Examples

Go

gosec: Static code analysis, reports known bad code patterns
govulncheck: Depedency vulnerability reporting based on static code analysis (can also scan compiled binaries)
CodeQL: Static analysis

Python

bandit: Static analysis
CodeQL: Static analysis
pip-audit: Dependency vulnerability reporting

Terraform

tfsec: Best practice and risk scanning
checkov: Best practice and risk scanning

Bicep

checkov: Best practice and risk scanning