From bcd04ca46498dde94554b40670e92a16df931721 Mon Sep 17 00:00:00 2001 From: Paul Hodgkinson <41705651+aegilops@users.noreply.github.com> Date: Fri, 15 Mar 2024 08:40:19 +0000 Subject: [PATCH] Wording, capitalisation, layout Adjusted wording, caps and layout slightly. No real content changes --- README.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index f36a510..e94e530 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,14 @@ # Code Scanning C# Tutorial -Welcome to the Code Scanning C# Tutorial! This tutorial will take you through how to set up Github Advanced Security: Code Scanning as well as interpret results that it may find. The following repository contains cross-site scripting vulnerability for demonstration purpose. +Welcome to the Code Scanning C# Tutorial! This tutorial will take you through how to set up GitHub Advanced Security's Code Scanning, as well as interpret results that it may find. The following repository contains cross-site scripting vulnerabilities for demonstration purposes. ## Introduction -Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub. +Code Scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub. -You can use code scanning with CodeQL, a semantic code analysis engine. CodeQL treats code as data, allowing you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers. +You can use Code Scanning with CodeQL, a semantic code analysis engine. CodeQL treats code as data, allowing you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers. -This tutorial with use CodeQL Analysis with Code Scanning in order to search for vulnerabilities within your code. +This tutorial will use CodeQL analysis with Code Scanning in order to search for vulnerabilities within your code. ## Instructions @@ -55,6 +55,7 @@ This will create a GitHub Actions Workflow file with CodeQL already set up. Sinc #### Actions Workflow The Actions Workflow file contains a number of different sections including: + 1. Checking out the repository 2. Initializing the CodeQL Action 3. Running Autobuilder (or code your own build steps if autobuild doesn't work) @@ -62,11 +63,11 @@ The Actions Workflow file contains a number of different sections including: -Please change `line 35` to only use `csharp` for this demonstration purpose. +Please change `line 35` to only use `csharp` for this demonstration. -Click `Start Commit` -> `Commit this file` to commit the changes to _main_ branch. +Click `Start Commit` -> `Commit this file` to commit the changes to the _main_ branch.
@@ -77,15 +78,15 @@ Click `Start Commit` -> `Commit this file` to commit the changes to _main_ branc #### Workflow triggers -There are a [number of events](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows) that can trigger a GitHub Actions workflow. In this example, the workflow will be triggered on +There are a [number of events](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows) that can trigger a GitHub Actions workflow. In this example, the workflow will be triggered on: -- push to _main_ branch -- pull request to merge to _main_ branch +- push to the _main_ branch +- pull request to merge to the _main_ branch - on schedule, at 6:33 every Thursday -Setting up the new CodeQL workflow and committing it to _main_ branch in the step above will trigger the scan. +Setting up the new CodeQL workflow and committing it to the _main_ branch in the step above will trigger the scan. @@ -117,13 +118,13 @@ Once the Workflow has completed, click the `Security` tab -> ` Code Scanning Ale #### Security Alert View -Clicking on the security alert will provide details about the security alert including: