| permalink | /labs/lab-06-github-security-tab/ |
|---|---|
| title | Lab 06: GitHub Security Tab — SARIF Upload |
| description | Upload SARIF findings to GitHub Code Scanning and triage results in the Security tab. |
| Duration | Level | Prerequisites |
|---|---|---|
| 30 min | Intermediate | Lab 05 |
- Upload SARIF files to GitHub Code Scanning
- Navigate and triage findings in the Security tab
- Understand cross-repo SARIF upload patterns
Navigate to the apm-security-scan-demo-app repository on GitHub and run the apm-security-scan.yml workflow.
After the workflow completes, visit each demo app's Security > Code scanning tab:
https://github.com/devopsabcs-engineering/apm-demo-app-001/security/code-scanning
- Dismiss false positives with a reason
- Open issues for true positives
- Group findings by rule ID
- Workflow completes successfully
- SARIF findings appear in the Security tab
- You can triage findings (dismiss/open issue)
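
The "group findings by rule ID" triage step and the cross-repo upload pattern can both be rehearsed offline before touching the Security tab. The following is an added example, not part of the lab's workflow: the SARIF log, tool name, rule IDs and file paths are constructed, and the commit SHA is a placeholder. It groups results by `ruleId` and builds the request body for GitHub's code scanning SARIF upload endpoint.

```python
import base64, gzip, json
from collections import defaultdict

# Constructed SARIF 2.1.0 log: tool name, rule IDs and file paths are made up.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-001", "level": "error",
             "message": {"text": "constructed finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "EXAMPLE-001", "level": "error",
             "message": {"text": "constructed finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "EXAMPLE-002",
             "message": {"text": "constructed finding, no level or location"}},
        ],
    }],
}

def group_by_rule(sarif):
    """Map each ruleId to its (level, file, line) hits across all runs."""
    groups = defaultdict(list)
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # assumption: no rule-level default
            for loc in res.get("locations") or [{}]:  # keep results without a location
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "<no file>")
                groups[res.get("ruleId", "<no ruleId>")].append(
                    (level, uri, phys.get("region", {}).get("startLine")))
    return dict(groups)

def upload_payload(sarif, commit_sha, ref):
    """Body for POST /repos/{owner}/{repo}/code-scanning/sarifs (gzip, then base64)."""
    blob = gzip.compress(json.dumps(sarif).encode("utf-8"))
    return {"commit_sha": commit_sha, "ref": ref,
            "sarif": base64.b64encode(blob).decode("ascii")}

if __name__ == "__main__":
    for rule, hits in sorted(group_by_rule(SAMPLE_SARIF).items()):
        print(rule, len(hits), hits)
    body = upload_payload(SAMPLE_SARIF, "0" * 40, "refs/heads/main")  # placeholder SHA
    print(len(body["sarif"]), "base64 chars ready to upload")
```

In a cross-repo upload, `commit_sha` and `ref` should identify a commit and ref in the repository receiving the findings, not the repository that ran the scan.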
Proceed to Lab 07: GitHub Actions Pipeline.

