gh-code-scanning
GitHub Code Scanning Skill
Overview
GitHub code scanning alerts are produced by static analysis tools such as CodeQL and Scorecard and surfaced in the GitHub Security tab. The GitHub Security tab is not accessible through the default MCP toolset, so this skill provides scripts for all read operations.
Prerequisites
| Requirement | Details |
|---|---|
| pwsh | PowerShell 7+; install from https://learn.microsoft.com/powershell |
| gh CLI | Installed and on PATH; install from https://cli.github.com |
| Auth | Run gh auth login or set GH_TOKEN; requires security_events scope |
| Scope | security_events for private repos; public_repo for public-only |
The repo scope also satisfies security_events. The gh CLI handles authentication automatically; no explicit token passing is needed in commands.
Get-CodeScanningAlerts.ps1 validates both prerequisites at startup and aborts with a targeted error message if either check fails.
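A sketch of the kind of read operation described above, added here as an example and not taken from Get-CodeScanningAlerts.ps1 or the hve-core repository. The function name, its parameters, and the choice of which two checks to run are assumptions; the REST path is GitHub's code scanning alerts endpoint.

```powershell
#Requires -Version 7.0
# Illustrative sketch only; Get-OpenCodeScanningAlert and its parameters are hypothetical names.
function Get-OpenCodeScanningAlert {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Owner,
        [Parameter(Mandatory)][string]$Repo
    )

    # Check 1 (assumed): the gh CLI must be on PATH.
    if (-not (Get-Command gh -ErrorAction SilentlyContinue)) {
        throw 'gh CLI not found on PATH. Install it from https://cli.github.com'
    }

    # Check 2 (assumed): gh must hold a usable credential (gh auth login or GH_TOKEN).
    gh auth status *> $null
    if ($LASTEXITCODE -ne 0) {
        throw 'gh is not authenticated. Run gh auth login or set GH_TOKEN.'
    }

    # Read-only REST call; first page only (up to 100 open alerts).
    $raw = gh api "repos/$Owner/$Repo/code-scanning/alerts?state=open&per_page=100"
    if ($LASTEXITCODE -ne 0) {
        throw "Code scanning query failed for $Owner/$Repo. Check that the token has the security_events scope."
    }

    # Flatten each alert to the fields needed for triage.
    ($raw -join "`n") | ConvertFrom-Json | ForEach-Object {
        [pscustomobject]@{
            Number   = $_.number
            Tool     = $_.tool.name
            Rule     = $_.rule.id
            # security_severity_level is only set for security rules; fall back to rule severity.
            Severity = $_.rule.security_severity_level ?? $_.rule.severity
            Path     = $_.most_recent_instance.location.path
            Line     = $_.most_recent_instance.location.start_line
            Url      = $_.html_url
        }
    }
}

# Constructed usage: replace the placeholders with a repository you can read.
# Get-OpenCodeScanningAlert -Owner '<owner>' -Repo '<repo>' | Sort-Object Severity | Format-Table
```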