department-of-veterans-affairs / project-management-demo

Demonstration of Project Management using GitHub
2 stars 0 forks source link

Add code scanning #15

Open zkoppert opened 3 years ago

zkoppert commented 3 years ago

Hello :wave: from the VA GitHub.com team!

We are requesting via this Pull request that you enable Advanced Security Code Scanning. Advanced Security Code Scanning is a feature on GitHub that the VA is already paying for, and we kindly request that you utilize it to improve your repository's security. This is a compliment to any tools and security procedures your team is already performing rather than a replacement. We are excited to get this enabled as it gets developers information about the security of the code early, before it's even merged in.

This pull request will attempt an automatic scan for security vulnerabilities in the code of this repository. If there is a build failure or results that you would like assistance with, we would be happy to work with you. You can schedule here or reach us at va-delivery@github.com.

Once merged, this feature will identify potential security issues on any new pull requests. These should be reviewed with any security folks on your team. For more information, check out the GitHub Handbook. A great place to start if you have a lot of potential vulnerabilities is to address new vulnerabilities only for a period of time and then scheduling time to regularly reduce the backlog of potential vulnerabilities. This will minimize negative impact to current release schedules and productivity.

With all that being said, please consider merging this once the checks pass. Thank you and happy coding! :octocat: