Commit 034b84b

Merge pull request #63 from advanced-security/copilot/organize-codeql-mappings
Organize CodeQL security framework mappings into dedicated folder
2 parents 64be817 + abb6326 commit 034b84b

4 files changed

Lines changed: 34 additions & 0 deletions

code-scanning-guides/README.md

Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
# Code Scanning Guides
2+
3+
This directory contains comprehensive guides and resources for GitHub Advanced Security Code Scanning and CodeQL.
4+
5+
## Directory Structure
6+
7+
### 📊 [CodeQL Mappings](./codeql-mappings/)
8+
Security framework and vulnerability catalog mappings for CodeQL queries:
9+
- **[OWASP Top 10 2025](./codeql-mappings/OWASP2025-CodeQL.md)** - Mapping between OWASP Top 10 2025 vulnerabilities and CodeQL queries via CWE identifiers
10+
- **[MITRE Top 10 KEV](./codeql-mappings/MITRETop10KEV.md)** - Mapping between MITRE Top 10 Known Exploited Vulnerabilities and CodeQL queries
11+
- **[SANS Top 25](./codeql-mappings/SANS25-CodeQL.md)** - Mapping between SANS Top 25 Software Errors and CodeQL queries
12+
13+
### 🔧 Setup & Configuration
14+
- **[Setup CodeQL CLI](./setup-codeql-cli.md)** - Guide for setting up the CodeQL CLI
15+
- **[Uploading PR Analysis](./uploading-pr-analysis.md)** - How to upload CodeQL analysis results for pull requests
16+
- **[Sandwich Tracing](./sandwich-tracing.md)** - Advanced CodeQL tracing techniques
17+
18+
### 🔌 [Integrations](./integrations/)
19+
- **[Third-Party Integrations](./integrations/code-scanning-third-party-integrations.md)** - Integrating Code Scanning with third-party tools
20+
21+
### 🧪 [Synthetic Applications](./synthetic-applications/)
22+
Test applications for validating CodeQL and Code Scanning:
23+
- **[OWASP WebGoat](./synthetic-applications/owasp-webgoat.md)** - Deliberately insecure web application for testing
24+
- **[OWASP Juice Shop](./synthetic-applications/juice-shop.md)** - Modern vulnerable web application
25+
26+
## Getting Started
27+
28+
1. If you're looking for **security framework mappings** (OWASP, MITRE KEV, SANS), start with the [CodeQL Mappings](./codeql-mappings/) directory
29+
2. For **setting up CodeQL**, see the [Setup CodeQL CLI](./setup-codeql-cli.md) guide
30+
3. To **test CodeQL rules**, check out the [Synthetic Applications](./synthetic-applications/) directory
31+
32+
## Additional Resources
33+
34+
For more Advanced Security resources, see the parent repository's [README](../README.md).
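Review bot: most relative links in this new index (./setup-codeql-cli.md, ./uploading-pr-analysis.md, ./sandwich-tracing.md, ./integrations/code-scanning-third-party-integrations.md, ./synthetic-applications/owasp-webgoat.md, ./synthetic-applications/juice-shop.md and ../README.md) point at files that are not among the four changed in this commit, so the README is only correct if every one of those paths already exists under code-scanning-guides/; please confirm each target resolves before merge, since nothing in this change checks them. Only the three ./codeql-mappings/ links are backed by the renames in this commit. Minor: the OWASP bullet states that the mapping is keyed "via CWE identifiers" while the MITRE Top 10 KEV and SANS Top 25 bullets do not say how theirs are keyed; stating it consistently would help readers pick the right document.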
File renamed without changes.
File renamed without changes.
File renamed without changes.

0 commit comments