diff --git a/.github/steps/1-enable-codeql.md b/.github/steps/1-enable-codeql.md index c9baeef..216aa68 100644 --- a/.github/steps/1-enable-codeql.md +++ b/.github/steps/1-enable-codeql.md @@ -24,7 +24,7 @@ In this first step, we'll be learning more about CodeQL and how to use it to sec First, we will enable code scanning with CodeQL in our repository. 1. Open a new browser tab, and work on the steps in your second tab while you read the instructions in this tab. -2. Navigate the to **Settings** tab at the top of your newly created repository. +2. Navigate to the **Settings** tab at the top of your newly created repository. 3. Under the **Security** section on the left side, select **Code security and analysis**. 4. Scroll down to the section titled **Code scanning**. For the purpose of this course, we will focus on CodeQL analysis. 5. Click on the **Set up** dropdown menu and choose **Default**. diff --git a/.github/steps/2-review-and-triage-codeql-alerts.md b/.github/steps/2-review-and-triage-codeql-alerts.md index 28478b8..45a3ced 100644 --- a/.github/steps/2-review-and-triage-codeql-alerts.md +++ b/.github/steps/2-review-and-triage-codeql-alerts.md @@ -80,7 +80,7 @@ Now that we're familiar with the alert layout, let's work through the process of ### :keyboard: Activity 5: Create a GitHub Issue for an Alert This last step will show you how to create a GitHub Issue to track the work that goes into resolving a vulnerability. Issues provide a space for collaboration for a security problem and can be assigned to people or teams. -1. Open one of the open alerts that CodeQL from the scan. +1. Open one of the open alerts identified by CodeQL during the scan. 2. Click the green **Create issue** button at the top right of the alert. If you don't see this button, check the status of the alert to make sure it's an open alert. 3. Add any details you would like to include in the new issue form. 4. Click **Submit new issue**. 
diff --git a/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md b/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md index 80a2cd9..77a914e 100644 --- a/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md +++ b/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md @@ -9,7 +9,7 @@ _Nicely done! You finished Step 3: Fix Security Vulnerabilites! :partying_face:_ -Way to go! You made it this far. We're almost done! The last step is to test out the pull request integration with CodeQL. In this step, we will add a vulnerability back into the `routes.py` file to trigger an alert for a SQL injection vulnerability. This is going to be the same issue initially saw. +Way to go! You made it this far. We're almost done! The last step is to test out the pull request integration with CodeQL. In this step, we will add a vulnerability back into the `routes.py` file to trigger an alert for a SQL injection vulnerability. This is going to be the same issue we initially saw. Our goal is to understand what developers experience when they find a new vulnerability. diff --git a/.github/steps/X-finish.md b/.github/steps/X-finish.md index 39d2918..d084992 100644 --- a/.github/steps/X-finish.md +++ b/.github/steps/X-finish.md @@ -9,7 +9,7 @@ _Congratulations! You have completed this course!_ 🏆 Here's a recap of all the tasks you accomplished in your repository: - Enabled CodeQL on your repository. - - CodeQL scanned the code in your repository and notified us of two SQL injection vulenrabilities. + - CodeQL scanned the code in your repository and notified us of two SQL injection vulnerabilities. - Reviewed the findings, marked the findings as closed, and explored the audit trail. - Fixed your code in the main branch and saw that the findings automatically closed out. - Introduced a new vulnerability in a new branch.
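Review bot: the second hunk (2-review-and-triage-codeql-alerts.md, Activity 5) still reads awkwardly after the fix because "Open one of the open alerts" repeats "open" twice in a row; since step 2 already tells the reader to check that the alert is in the open state, consider "1. Open one of the alerts that CodeQL identified during the scan." so the two steps do not both carry the status condition.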
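Review bot: the hunk for 4-prevent-vulnerabilities-in-the-pull-request.md fixes the missing "we" in "the same issue we initially saw" but leaves the typo in its first context line, "_Nicely done! You finished Step 3: Fix Security Vulnerabilites! :partying_face:_"; since this PR is a typo sweep, "Vulnerabilites" should become "Vulnerabilities" in the same change rather than in a follow-up.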