@joshjohanning joshjohanning commented Jan 5, 2026

This pull request introduces two new scripts to the scripts directory: code-scanning-coverage-report and dismiss-code-scanning-alerts. Both tools are designed to help organizations manage and improve their code scanning posture across GitHub repositories. The changes include documentation, package manifests, and updates to the main README.md to reference these new scripts.


You would run the script like this:

export GITHUB_TOKEN=ghp_aaaaa
node code-scanning-coverage-report.js my-org --output report.csv

It is recommended to use a GitHub App instead, with the relevant environment variables (GitHub Apps have a higher rate limit):

| Variable | Description |
| --- | --- |
| GITHUB_APP_ID | GitHub App ID |
| GITHUB_APP_PRIVATE_KEY_PATH | Path to GitHub App private key file (.pem) |
| GITHUB_APP_INSTALLATION_ID | GitHub App installation ID for the organization |
| GITHUB_API_URL | API endpoint (defaults to https://api.github.com) |

Example results:

results-stale.csv:

Repository,Default Branch,Last Updated,Archived,Languages,CodeQL Enabled,Last Default Branch Scan Date,Scanned Languages,Unscanned CodeQL Languages,Open Alerts,Analysis Errors,Analysis Warnings
migrations-1,main,2025-08-03,No,Ruby;JavaScript;TypeScript;Shell;Dockerfile,Yes,2025-04-07,javascript-typescript;ruby;actions,None,11,"None","None"

results-missing-languages.csv:

Repository,Default Branch,Last Updated,Archived,Languages,CodeQL Enabled,Last Default Branch Scan Date,Scanned Languages,Unscanned CodeQL Languages,Open Alerts,Analysis Errors,Analysis Warnings
joshjohanning.github.io-copy,main,2025-11-10,No,HTML;SCSS;JavaScript;Shell;Ruby,Yes,2026-01-01,actions,javascript-typescript;ruby,0,"None","None"
hello-insecure-world,main,2025-11-19,No,TypeScript;CSS;HTML,Yes,2025-11-19,actions,javascript-typescript,8,"None","None"
hello-insecure-world-2,main,2025-11-19,No,TypeScript;CSS;HTML,Yes,2025-11-19,actions,javascript-typescript,8,"None","None"

results-disabled.csv:

Repository,Default Branch,Last Updated,Archived,Languages,CodeQL Enabled,Last Default Branch Scan Date,Scanned Languages,Unscanned CodeQL Languages,Open Alerts,Analysis Errors,Analysis Warnings
example-gh-maven,master,2022-01-09,No,Java,No Scans,Never,,java-kotlin,N/A,"None","None"
composite-action-sample,main,2022-09-23,No,,Disabled,Never,,N/A,N/A,"None","None"
composite-sample-1,main,2022-01-10,No,Shell,Disabled,Never,,None,N/A,"None","None"
composite-caller-1,main,2023-12-16,No,,Disabled,Never,,N/A,N/A,"None","None"

results-analysis-issues.csv:

Repository,Default Branch,Last Updated,Archived,Languages,CodeQL Enabled,Last Default Branch Scan Date,Scanned Languages,Unscanned CodeQL Languages,Open Alerts,Analysis Errors,Analysis Warnings
backup-utils,master,2023-06-07,No,Shell;Ruby;Makefile;Dockerfile,Yes,2024-12-18,ruby,None,N/A,"unsuccessful execution, exit code: 0, description:  ","None"
failed-ghas-tool,main,2024-12-17,No,,Yes,2025-02-16,go;csharp,None,N/A,"unsuccessful execution, exit code: 0, description:  ","None"
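An added example (not code from the PR or the repository) that reads the report CSV shown above and sorts rows into the same sub-report buckets; the bucket rules, including the "stale" and "disabled" heuristics, are assumptions inferred from the sample output rather than the script's actual logic.

```javascript
// Added example (not code from the PR): read the coverage-report CSV and sort rows
// into the sub-reports shown above. Bucket rules are assumptions inferred from the sample.
// RFC 4180-style line parser: quoted fields may hold commas (see "Analysis Errors").
function parseCsvLine(line) {
  const fields = [];
  let cur = '', inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (inQuotes) {
      if (ch === '"' && line[i + 1] === '"') { cur += '"'; i++; } // escaped quote
      else if (ch === '"') inQuotes = false;
      else cur += ch;
    } else if (ch === '"') inQuotes = true;
    else if (ch === ',') { fields.push(cur); cur = ''; }
    else cur += ch;
  }
  fields.push(cur);
  return fields;
}
// Assumed rules: "Yes" means scans exist; "stale" means the last default-branch
// scan predates the repository's last update; a row may land in several buckets.
function classify(row) {
  const buckets = [];
  const enabled = row['CodeQL Enabled'] === 'Yes';
  if (!enabled) buckets.push('disabled');
  if (row['Analysis Errors'] !== 'None' || row['Analysis Warnings'] !== 'None') buckets.push('analysis-issues');
  if (enabled && !['None', 'N/A', ''].includes(row['Unscanned CodeQL Languages'])) buckets.push('missing-languages');
  if (enabled && new Date(row['Last Default Branch Scan Date']) < new Date(row['Last Updated'])) buckets.push('stale');
  return buckets;
}
// Parse the whole report and group repository names by bucket, as the sub-report files do.
function buildSubReports(csv) {
  const lines = csv.trim().split(/\r?\n/);
  const header = parseCsvLine(lines[0]);
  const out = { disabled: [], 'analysis-issues': [], 'missing-languages': [], stale: [] };
  for (const line of lines.slice(1)) {
    const vals = parseCsvLine(line);
    const row = Object.fromEntries(header.map((h, i) => [h, vals[i] ?? '']));
    for (const b of classify(row)) out[b].push(row.Repository);
  }
  return out;
}
// Constructed sample built from rows in the PR description above.
const SAMPLE_CSV = `Repository,Default Branch,Last Updated,Archived,Languages,CodeQL Enabled,Last Default Branch Scan Date,Scanned Languages,Unscanned CodeQL Languages,Open Alerts,Analysis Errors,Analysis Warnings
migrations-1,main,2025-08-03,No,Ruby;JavaScript;TypeScript;Shell;Dockerfile,Yes,2025-04-07,javascript-typescript;ruby;actions,None,11,"None","None"
hello-insecure-world,main,2025-11-19,No,TypeScript;CSS;HTML,Yes,2025-11-19,actions,javascript-typescript,8,"None","None"
example-gh-maven,master,2022-01-09,No,Java,No Scans,Never,,java-kotlin,N/A,"None","None"
backup-utils,master,2023-06-07,No,Shell;Ruby;Makefile;Dockerfile,Yes,2024-12-18,ruby,None,N/A,"unsuccessful execution, exit code: 0, description:  ","None"`;
console.log(buildSubReports(SAMPLE_CSV));
```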

Copilot AI review requested due to automatic review settings January 5, 2026 21:56
github-actions bot commented Jan 5, 2026

📋 Lint Results

⚡ ./gh-cli scripts

✅ No issues found.

🔧 ./scripts scripts

✅ No issues found.

Lint results updated at Tue Jan 13 17:11:34 UTC 2026

Copilot AI left a comment

Pull request overview

This pull request introduces a comprehensive code scanning coverage report tool for GitHub organizations. The implementation includes both a Node.js script (in scripts/) and a bash script (in gh-cli/), along with documentation for both.

Key changes:

  • Adds a parallelized Node.js script for generating detailed CodeQL coverage reports with sub-report generation capabilities
  • Adds a bash alternative using the gh CLI for users without Node.js
  • Includes comprehensive documentation with usage examples, options, and output descriptions

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 11 comments.

| File | Description |
| --- | --- |
| scripts/get-code-scanning-coverage-report/package.json | Defines Node.js package metadata and dependencies (octokit v4) |
| scripts/get-code-scanning-coverage-report/package-lock.json | Lock file for npm dependencies |
| scripts/get-code-scanning-coverage-report/get-code-scanning-coverage-report.js | Main Node.js implementation with parallel API calls and CSV generation |
| scripts/get-code-scanning-coverage-report/README.md | Detailed documentation for the Node.js script with usage examples |
| scripts/README.md | Adds entry for the new script to the scripts directory index |
| gh-cli/get-code-scanning-coverage-report.sh | Bash implementation using gh CLI for users without Node.js |
| gh-cli/README.md | Adds entry for the bash script to the gh-cli directory index |
Files not reviewed (1)
  • scripts/get-code-scanning-coverage-report/package-lock.json: Language not supported

Copilot AI left a comment

Pull request overview

Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.

@joshjohanning joshjohanning changed the title feat: add code scanning coverage report script feat: add code scanning coverage report and alert dismissal scripts Jan 8, 2026
@joshjohanning joshjohanning requested a review from Copilot January 9, 2026 15:23
Copilot AI left a comment

Pull request overview

Copilot reviewed 9 out of 11 changed files in this pull request and generated 10 comments.

Comments suppressed due to low confidence (1)

scripts/code-scanning-coverage-report/code-scanning-coverage-report.js:940

  • The value assigned to rateLimitOctokit here is unused.
    rateLimitOctokit = createTokenOctokit();

Copilot AI left a comment

Pull request overview

Copilot reviewed 9 out of 11 changed files in this pull request and generated 2 comments.

@joshjohanning joshjohanning merged commit 047f710 into main Jan 13, 2026
13 checks passed
@joshjohanning joshjohanning deleted the add-code-scanning-coverage-report branch January 13, 2026 17:34