Viewing code scanning logs from GitHub Actions

View the output from a code scanning analysis in GitHub Actions.

누가 이 기능을 사용할 수 있나요?

읽기 권한이 있는 사용자

참고 항목

사이트 관리자가 먼저 code scanning을 사용하도록 설정해야 이 기능을 사용할 수 있습니다. GitHub Actions를 사용하여 코드를 스캔하려면 사이트 관리자도 GitHub Actions를 사용하도록 설정하고 필요한 인프라를 설정해야 합니다. 자세한 내용은 어플라이언스에 대한 코드 스캐닝 구성을(를) 참조하세요.

After configuring code scanning using default setup or a custom GitHub Actions workflow, you can watch the output of the actions as they run. For information about logs for other code scanning setups, see Code scanning logs.

  1. 리포지토리 이름에서 작업을 클릭합니다.

    "github/docs" 리포지토리의 탭 스크린샷. "작업" 탭은 주황색 윤곽선으로 강조 표시됩니다.

    You'll see a list that includes an entry for running the code scanning workflow. The text of the entry is the title you gave your commit message.

    Screenshot of the "All workflows" page. In the list of workflow runs is a run labeled "Create .github/workflows/codeql.yml."

  2. Click the entry for the code scanning workflow.

    참고 항목

    If you are looking for the CodeQL workflow run triggered by enabling default setup, the text of the entry is "CodeQL."

  3. Click the job name on the left. For example, Analyze (LANGUAGE).

    Screenshot of the log output for the "Analyze (go)" job. In the left sidebar, under the "Jobs" heading, "Analyze (go)" is listed.

  4. Review the logging output from the actions in this workflow as they run.

  5. Optionally, to see more detail about the commit that triggered the workflow run, click the short commit hash. The short commit hash is 7 lowercase characters immediately following the commit author's username.

  6. Once all jobs are complete, you can view the details of any code scanning alerts that were identified. For more information, see 리포지토리에 대한 코드 검사 경고 평가.

Further reading

If you're looking for diagnostic information about whether code scanning accessed any private registries, see Viewing code scanning logs from GitHub Actions.