Repositories list

• SARIF-viewer

  Public
  JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

  Kotlin

  •

  MIT License

  •55 forks•99 stars•33 issues•77 pull requests•Updated May 5, 2026May 5, 2026

• dismiss-alerts

  Public
  Dismiss GitHub Code Scanning alerts from SARIF suppression data

  sarifcode-scanningsast+ 3

  sarifcode-scanningsastcode-securityghasgithub-advanced-security

  Java

  •

  MIT License

  •44 forks•2121 stars•22 issues•88 pull requests•Updated May 5, 2026May 5, 2026

• codeql-development-mcp-server

  Public
  LLM <-- MCP --> CodeQL( AST | CFG | CLI | LSP )

  mcpstatic-analysisast+ 6

  mcpstatic-analysisastcode-qualitycfglspcode-securitycodeqlcopilot-enabled

  TypeScript

  •

  Other

  •22 forks•2020 stars•99 issues•11 pull request•Updated May 5, 2026May 5, 2026

• maven-dependency-submission-action

  Public
  GitHub Action for submitting Maven dependencies

  dependency-submission

  dependency-submission

  TypeScript

  •

  MIT License

  •3838 forks•5858 stars•1919 issues•66 pull requests•Updated May 4, 2026May 4, 2026

• awesome-secret-scanning

  Public
  A curated list of awesome GitHub Advanced Security secret scanning resources.

  awesomeawesome-listsecret-scanning+ 1

  awesomeawesome-listsecret-scanninggithub-advanced-security

  PowerShell

  •

  MIT License

  •44 forks•1616 stars•11 issue•00 pull requests•Updated May 4, 2026May 4, 2026

• codeql-sap-js

  Public
  CodeQL models for SAP JavaScript frameworks CAP, UI5 and XSJS

  TypeScript

  •

  MIT License

  •44 forks•77 stars•1010 issues•11 pull request•Updated May 4, 2026May 4, 2026

• codeql-development-template

  Public template
  Copilot-native repository template for CodeQL query development

  CodeQL

  •

  MIT License

  •22 forks•99 stars•11 issue•33 pull requests•Updated May 4, 2026May 4, 2026

• advanced-security-material

  Public
  securitycode-scanningcodeql+ 2

  securitycode-scanningcodeqladvanced-securityadvanced-security-training

  Shell

  •2626 forks•7878 stars•11 issue•66 pull requests•Updated May 2, 2026May 2, 2026

• sample-javascript-monorepo

  Public
  Detached fork of babel/babel to use as a TypeScript monorepo sample with 150+ packages using the monorepo-code-scanning-action https://github.com/advanced-secu…

  TypeScript

  •

  MIT License

  •11 fork•00 stars•00 issues•66 pull requests•Updated May 1, 2026May 1, 2026

• security-report-action

  Public
  GitHub Action that can generate reports from GitHub Advanced Security and dependency vulnerability findings

  HTML

  •

  MIT License

  •00 forks•33 stars•22 issues•22 pull requests•Updated Apr 28, 2026Apr 28, 2026

• mrva-report-docs

  Public
  Documentation for the MRVA reporting pipeline - architecture, CLI reference, and developer guide for transforming CodeQL multi-repository variant analysis resul…

  CSS

  •

  MIT License

  •00 forks•22 stars•00 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• sarif-sql

  Public
  A Go CLI for managing GitHub MRVA workflows and transforming SARIF results into SQLite for analytics

  Go

  •

  MIT License

  •00 forks•11 star•00 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• mrva-reports

  Public
  A Blazor WebAssembly app for visualizing GitHub CodeQL Multi-Repository Variant Analysis (MRVA) results

  C#

  •

  MIT License

  •00 forks•11 star•00 issues•00 pull requests•Updated Apr 28, 2026Apr 28, 2026

• github-sbom-toolkit

  Public
  Gather SBOMs from the GitHub Dependency Graph and report matches with packages, such as malware advisories from the GitHub Advisory Database or PURLs of your ch…

  malwaredependency-graphdependencies+ 5

  malwaredependency-graphdependenciessupplychainpurlsbomadvanced-securityghas

  TypeScript

  •

  MIT License

  •55 forks•1717 stars•00 issues•77 pull requests•Updated Apr 28, 2026Apr 28, 2026

• mrva-prep

  Public
  CLI tool that optimizes MRVA SQLite databases for the Blazor WebAssembly reports UI

  Go

  •

  MIT License

  •00 forks•11 star•00 issues•11 pull request•Updated Apr 27, 2026Apr 27, 2026

• spdx-dependency-submission-action

  Public
  upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API

  dependency-submission

  dependency-submission

  JavaScript

  •

  MIT License

  •66 forks•2424 stars•44 issues•44 pull requests•Updated Apr 27, 2026Apr 27, 2026

• sarif-toolkit

  Public
  All things SARIF, as an Action

  Python

  •

  MIT License

  •33 forks•44 stars•44 issues•44 pull requests•Updated Apr 27, 2026Apr 27, 2026

• component-detection-dependency-submission-action

  Public
  This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time.

  github-actionsdependency-submission

  github-actionsdependency-submission

  TypeScript

  •

  MIT License

  •3030 forks•2121 stars•66 issues•66 pull requests•Updated Apr 27, 2026Apr 27, 2026

• codeql-sarif-security-standard-annotator

  Public
  Compare a CodeQL SARIF results file to a security standard CWE list and annotate the SARIF rules with a tag to highlight results applicable to the security stan…

  TypeScript

  •

  MIT License

  •11 fork•1010 stars•11 issue•44 pull requests•Updated Apr 27, 2026Apr 27, 2026

• codeql-scanner-vscode

  Public
  CodeQL Plugin for VSCode to help scan and view alerts in code

  TypeScript

  •

  MIT License

  •22 forks•55 stars•11 issue•66 pull requests•Updated Apr 27, 2026Apr 27, 2026

• cocoapods-dependency-submission-action

  Public
  CocoaPods Lockfile Dependency Submission Action

  Python

  •

  MIT License

  •33 forks•55 stars•22 issues•22 pull requests•Updated Apr 27, 2026Apr 27, 2026

• codeql-extractor-iac

  Public
  CodeQL Extractor, Library, and Queries for Infrastructure as Code

  CodeQL

  •

  MIT License

  •1212 forks•5959 stars•1313 issues•66 pull requests•Updated Apr 27, 2026Apr 27, 2026

• cbom-action

  Public
  Create a Crypto Bill of Materials using CodeQL

  Python

  •

  MIT License

  •1818 forks•1515 stars•22 issues•11 pull request•Updated Apr 27, 2026Apr 27, 2026

• set-codeql-language-matrix

  Public
  Automatically set the CodeQL matrix job using the languages in your repository.

  codeql

  codeql

  Python

  •

  MIT License

  •1111 forks•1919 stars•44 issues•11 pull request•Updated Apr 27, 2026Apr 27, 2026

• ghas-reviewer-app

  Public
  GitHub Advanced Security Pull Request Security Team required review GitHub App

  github-appadvanced-security

  github-appadvanced-security

  Python

  •

  MIT License

  •1111 forks•3636 stars•66 issues•44 pull requests•Updated Apr 27, 2026Apr 27, 2026

• conda-dependency-submission-action

  Public
  GitHub Action that scans Conda manifest files and submits their dependencies to GitHub's Dependency Graph,

  dependency-graphcondadependabot+ 1

  dependency-graphcondadependabotdependency-graph-api

  TypeScript

  •

  MIT License

  •33 forks•11 star•00 issues•88 pull requests•Updated Apr 23, 2026Apr 23, 2026

• codeql-summarize

  Public
  CodeQL Summary Generator

  Python

  •

  MIT License

  •22 forks•77 stars•22 issues•00 pull requests•Updated Apr 23, 2026Apr 23, 2026

• codeql-extractor-action

  Public
  specify a CodeQL extractor to be used in your workflows as an author of an Extractor.

  Rust

  •

  MIT License

  •00 forks•22 stars•11 issue•1010 pull requests•Updated Apr 23, 2026Apr 23, 2026

• awesome-dependabot

  Public
  A curated list of awesome Dependabot (and related software supply chain) resources.

  awesomeawesome-list

  awesomeawesome-list

  MIT License

  •33 forks•1111 stars•00 issues•33 pull requests•Updated Apr 23, 2026Apr 23, 2026

• enterprise-security-team

  Public
  Manage a uniform team of security managers for every organization in your enterprise

  enterpriseghas

  enterpriseghas

  Python

  •

  MIT License

  •66 forks•2424 stars•00 issues•11 pull request•Updated Apr 23, 2026Apr 23, 2026