
Set code scanning merge protection

You can use rulesets to set code scanning merge protection for pull requests.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Code scanning is available for the following repository types:

  • Public repositories on GitHub.com
  • Organization-owned repositories on GitHub Team, GitHub Enterprise Cloud, or GitHub Enterprise Server with GitHub Code Security enabled

About using rulesets for code scanning merge protection

Note

  • Merge protection with rulesets is not related to status checks. For more information about status checks, see About status checks.
  • Merge protection with rulesets will not apply to merge queue groups or to Dependabot pull requests analyzed by default setup.
  • All the lines of code identified by an alert must exist in the pull request diff; alerts whose locations fall outside the diff do not block the merge. For more information, see SARIF support for code scanning.

You can use rulesets to prevent pull requests from being merged when any of the following conditions is met:

  • A required tool found a code scanning alert whose severity meets the threshold defined in the ruleset.
  • Analysis by a required code scanning tool is still in progress.
  • A required code scanning tool is not configured for the repository.

Typically you should use rulesets to target long-lived branches, where you want to guarantee that code has been analyzed before pull requests can be merged.

Configuring a code scanning rule will not automatically enable code scanning. For more information about how to enable code scanning, see Configuring default setup for code scanning.

For more information about code scanning alerts, see About code scanning alerts.

You can set merge protection with rulesets at the repository level, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets.

For more information about rulesets, see About rulesets.

Creating a merge protection ruleset for a repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted with a dark orange outline.

  3. In the left sidebar, under "Code and automation", click Rules, then click Rulesets.

    Screenshot of the repository "Settings" page sidebar. The "Rules" submenu is expanded and the "Rulesets" option is outlined in orange.

  4. Click New ruleset.

  5. To create a ruleset targeting branches, click New branch ruleset.

  6. Under "Ruleset name", type a name for the ruleset.

  7. Optionally, to change the default enforcement status, click Disabled and select an enforcement status.

  8. Under "Branch protection", select "Require code scanning results".

  9. Under "Required tools and alert thresholds", click Add tool, then select a code scanning tool from the dropdown list. For example, "CodeQL".

  10. Next to the name of the code scanning tool:

    • Click Alerts, then select None, Errors, Errors and warnings, or All.
    • Click Security alerts, then select None, Critical, High or higher, Medium or higher, or All.

    Screenshot of the "Required tools and alert thresholds" section of the ruleset settings.

For more information about alert severity and security severity levels, see "About code scanning alerts."

For more information about managing rulesets in a repository, see Managing rulesets for a repository.

Creating a merge protection ruleset with the REST API

You can use the REST API to create a ruleset with the code_scanning rule, which lets you define the required tools and set alert thresholds. For more information, see REST API endpoints for rules.
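The following is an added example, not GitHub's own client code, showing the same ruleset the UI steps above produce (a branch ruleset with the code_scanning rule, CodeQL required, alerts threshold "Errors", security alerts threshold "High or higher") created through the REST API. It assumes the documented endpoint POST /repos/{owner}/{repo}/rulesets and the documented code_scanning rule parameters; the owner and repository names, the branch, and the GITHUB_TOKEN environment variable are placeholders you must replace with your own.

```python
"""Create a branch ruleset with the code_scanning rule via the GitHub REST API.

Added example (not GitHub's own code). Assumes POST /repos/{owner}/{repo}/rulesets
and the documented code_scanning rule parameters; OWNER, REPO, the branch name and
GITHUB_TOKEN below are placeholders.
"""
import json
import os
import urllib.request

API = "https://api.github.com"

# Threshold values the API accepts. They map to the choices the Rulesets UI offers:
# Alerts:          None / Errors / Errors and warnings / All
# Security alerts: None / Critical / High or higher / Medium or higher / All
ALERTS_THRESHOLDS = {"none", "errors", "errors_and_warnings", "all"}
SECURITY_ALERTS_THRESHOLDS = {"none", "critical", "high_or_higher", "medium_or_higher", "all"}


def code_scanning_tool(tool, alerts_threshold, security_alerts_threshold):
    """Build one entry for code_scanning_tools, rejecting thresholds the API does not accept."""
    if alerts_threshold not in ALERTS_THRESHOLDS:
        raise ValueError(f"alerts_threshold must be one of {sorted(ALERTS_THRESHOLDS)}")
    if security_alerts_threshold not in SECURITY_ALERTS_THRESHOLDS:
        raise ValueError(
            f"security_alerts_threshold must be one of {sorted(SECURITY_ALERTS_THRESHOLDS)}"
        )
    return {
        "tool": tool,
        "alerts_threshold": alerts_threshold,
        "security_alerts_threshold": security_alerts_threshold,
    }


def build_ruleset(name, branches, tools, enforcement="active"):
    """Request body for POST /repos/{owner}/{repo}/rulesets.

    branches: fully qualified refs such as "refs/heads/main", or the "~DEFAULT_BRANCH"
    shorthand. enforcement is "active" or "disabled" (the UI default is Disabled).
    """
    return {
        "name": name,
        "target": "branch",
        "enforcement": enforcement,
        "conditions": {"ref_name": {"include": list(branches), "exclude": []}},
        "rules": [
            {"type": "code_scanning", "parameters": {"code_scanning_tools": list(tools)}}
        ],
    }


def create_ruleset(owner, repo, body, token):
    """POST the ruleset and return the decoded JSON response (HTTP 201 on success)."""
    req = urllib.request.Request(
        f"{API}/repos/{owner}/{repo}/rulesets",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "X-GitHub-Api-Version": "2022-11-28",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    body = build_ruleset(
        "Require CodeQL results on main",
        ["refs/heads/main"],
        [code_scanning_tool("CodeQL", "errors", "high_or_higher")],
    )
    print(json.dumps(body, indent=2))
    token = os.environ.get("GITHUB_TOKEN")  # placeholder: needs repository admin permission
    if token:
        created = create_ruleset("OWNER", "REPO", body, token)  # placeholders
        print("Created ruleset id", created["id"])
```

Two practical notes. First, the "none" thresholds are not a no-op: the rule still blocks merges while the required tool's analysis is in progress or when the tool is not configured for the repository, so enabling this ruleset on a repository without CodeQL configured blocks every pull request to the targeted branch. Second, a "disabled" ruleset can be created first to review its effect, then switched to "active" with a PUT to the same endpoint path plus the ruleset id.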