Policies and standards around security for the Department of Veterans Affairs GitHub organization.
Code Scanning
- What is the Current Code Scanning Policy
- What is GitHub Advanced Security CodeQL
- What are Required Pull Requests
- What are Required Workflows
- How to Configure CodeQL
- How to Update Repository Default Branch
- How to Enable Code Scanning Pull Request Failure Criteria
- How to Configure Jenkins Required Status Checks
- How to Request Temporary Bypass Permissions
- How to Remediate CodeQL Findings
- How to Request a Code Scanning Exemption
CodeQL Examples
- C# - .NET Framework 4.x app using GitHub Actions
- C# - Multiple .NET Framework 4.x apps using GitHub Actions
- Java - Java Maven app builds using GitHub Actions
Secrets Management