Adds "Evaluate code scanning" article (#46478)
Co-authored-by: Felicity Chapman <[email protected]>
subatoi and felicitymay authored Dec 12, 2023
1 parent 858d723 commit d6145e0
Showing 8 changed files with 53 additions and 12 deletions.
@@ -66,7 +66,7 @@ Through the "Code security and analysis" page of your organization's settings, y
1. Click **Settings** next to your organization.
1. Click **Code security & analysis**.
1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite%}
1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."
1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."
1. To enable your configuration of default setup, click **Enable for eligible repositories**.
1. Optionally, to recommend the "Extended" query suite throughout your organization when enabling default setup, select "Recommend the extended query suite for repositories enabling default setup."{% else %}
1. In the "Enable {% data variables.product.prodname_code_scanning %} for eligible repositories" dialog box displayed, click **Enable for eligible repositories** to enable your configuration of default setup.{% endif %}
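Review bot: the link-target change in the last step of the `{% ifversion bulk-code-scanning-query-suite%}` branch (`built-in-codeql-query-suites` to `codeql-query-suites`) only holds up if the target article is renamed and the old slug is redirected; taken on its own, this hunk would otherwise leave a dangling AUTOTITLE link, so it should land together with the rename. In the touched context, `{% ifversion bulk-code-scanning-query-suite%}` is missing the space before `%}`; the other conditionals in this file use `{% ifversion ... %}`, so normalising it while here would be worthwhile.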
@@ -119,7 +119,7 @@ You can select all of the displayed repositories, or a subset of them, and enabl
1. In the list of repositories, select each repository you want to enable {% data variables.product.prodname_code_scanning %} for. To select all repositories on the page, click the checkbox next to **NUMBER Active**. To select all repositories that match the current search, click the checkbox next to **NUMBER Active** and then click **Select all NUMBER repos**.
1. Click **Security settings** next to **NUMBER selected**.
1. In the side panel, in the "{% data variables.product.prodname_codeql %} Default Setup" section, select **No change**, then click **Enable**.{% ifversion bulk-code-scanning-query-suite %}
1. Optionally, to choose a different query suite than your organization's default query suite, select **Query suite: SUITE NAME**, then click the query suite your configuration of default setup should use. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."{% endif %}
1. Optionally, to choose a different query suite than your organization's default query suite, select **Query suite: SUITE NAME**, then click the query suite your configuration of default setup should use. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."{% endif %}
1. To confirm the enablement of {% data variables.product.prodname_code_scanning %} for the selected repositories, click **Apply changes NUMBER**. Alternatively, to select or deselect more repositories for {% data variables.product.prodname_code_scanning %} enablement, click {% octicon "x" aria-label="Close" %} to close the panel without applying your changes.

{% note %}
@@ -38,10 +38,6 @@ Default setup for {% data variables.product.prodname_code_scanning %} is the qui
{% endnote %}
{% endif %}

You can enable the automatically selected configuration of default setup to start scanning your code as soon as possible, or you can customize aspects of the configuration to better meet your {% data variables.product.prodname_code_scanning %} needs. If you choose to customize the configuration yourself, you can select:{% ifversion code-scanning-without-workflow-310 %}
- the languages default setup will analyze.{% endif %}
- the query suite default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."

{% ifversion org-enable-code-scanning %}You can also enable default setup for multiple or all repositories in an organization at the same time. For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)."{% endif %}

If you need more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you should instead configure advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)."
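Review bot: removing the paragraph "You can enable the automatically selected configuration ..." together with its two list items drops the only statement in this section of which aspects of default setup can be customized (the languages analyzed and the query suite run); the `{% ifversion code-scanning-without-workflow-310 %}` ... `{% endif %}` pair is removed whole, so Liquid stays balanced. As the remaining context reads, the reader goes from the default-setup note straight to bulk enablement and advanced setup with no mention of customization, so check that the same information survives elsewhere in this article and, if it moves to a later section, consider a one-line pointer here.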
@@ -64,6 +60,10 @@ Enterprise owners, organization and repository administrators can add self-hoste

You can use default setup if your repository includes languages that aren't supported by {% data variables.product.prodname_codeql %}, such as R. For more information on {% data variables.product.prodname_codeql %}-supported languages, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql)."

### Customizing default setup

We recommend that you start using {% data variables.product.prodname_code_scanning %} with default setup. After you've initially configured default setup, you can evaluate {% data variables.product.prodname_code_scanning %} to see how it's working for you. If you find that something isn't working as you expect, you can customize default setup to better meet your code security needs. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning)."

{% ifversion code-scanning-default-setup-recommended-languages and code-scanning-without-workflow-310 %}

### About adding {% ifversion code-scanning-default-setup-automatic-311 %}non-compiled and {% endif %}compiled languages to your default setup
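Review bot: the new "### Customizing default setup" subsection is inserted directly above the `{% ifversion code-scanning-default-setup-recommended-languages and code-scanning-without-workflow-310 %}` block, so in versions where that condition is false the subsection is followed by whatever comes after the matching `{% endif %}`; check the rendered page for those versions. The heading level matches the sibling "### About adding ... compiled languages to your default setup" heading, so the structure is consistent. Minor wording: "After you've initially configured default setup" can drop "initially", since the preceding sentence already frames this as the start of using code scanning.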
@@ -122,7 +122,7 @@ When you initially configure default setup for {% data variables.product.prodnam

![Screenshot of the modal for default setup. A button labeled "Default", with an arrow indicating a dropdown menu, is outlined in dark orange.](/assets/images/help/security/default-setup-query-suite-dropdown.png)

If you choose the **Extended** query suite, your {% data variables.product.prodname_code_scanning %} configuration will run lower severity and precision queries in addition to the queries included in the **Default** query suite. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."
If you choose the **Extended** query suite, your {% data variables.product.prodname_code_scanning %} configuration will run lower severity and precision queries in addition to the queries included in the **Default** query suite. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."

{% note %}

@@ -143,7 +143,9 @@ When you initially configure default setup for {% data variables.product.prodnam

## Next steps

After you configure default setup for {% data variables.product.prodname_code_scanning %}, and your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."
After your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."

After you've configured default setup for {% data variables.product.prodname_code_scanning %}, you can read about evaluating how it's working for you and the next steps you can take to customize it. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning)."

You can find detailed information about your {% data variables.product.prodname_code_scanning %} configuration, including timestamps for each scan and the percentage of files scanned, on the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)."

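Review bot: the rewritten first paragraph of "Next steps" drops the clause naming what was configured, so "After your configuration runs successfully at least once" now relies on the section context for its subject, which is acceptable, but the paragraph added right after it opens with "After you've configured default setup for ...", so two consecutive paragraphs begin the same way. Consider placing the evaluation paragraph first, since evaluating the configuration naturally precedes triaging alerts, and opening the alerts paragraph with "Once the configuration runs successfully at least once" to vary the phrasing.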
@@ -0,0 +1,36 @@
---
title: Evaluating default setup for code scanning
shortTitle: Evaluate code scanning
intro: 'Learn how to assess how code scanning is working for you, and how you can customize your setup to best meet your code security needs.'
product: '{% data reusables.gated-features.code-scanning %}'
type: how_to
topics:
- Advanced Security
- Code scanning
versions:
feature: code-scanning-without-workflow
---

## About evaluating a new {% data variables.product.prodname_code_scanning %} configuration

When you first start using {% data variables.product.prodname_code_scanning %}, you'll likely use default setup. This guide describes how to evaluate how default setup for {% data variables.product.prodname_code_scanning %} is working for you, and what steps to take if something isn't working as you expect. This guide also describes how you can customize {% data variables.product.prodname_code_scanning %} if you find that you have a specific use case that your new configuration doesn't fit.

## Customizing {% data variables.product.prodname_code_scanning %}

When you first configure default setup, or after an initial analysis of your code, you can edit{% ifversion code-scanning-without-workflow-310 %} which languages default setup will analyze and{% endif %} the query suite run during analysis. The `default` query suite contains a set of queries that are carefully designed to look for the most relevant security issues, while minimizing false positive results. However, you can use the `security-extended` suite to run additional queries, which have slightly lower precision. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."

For more information about customizing default setup, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup)."

### Using advanced setup

If you've found that you still need more granular control over {% data variables.product.prodname_code_scanning %}, you can use advanced setup. Advanced setup requires significantly more effort to configure, customize, and maintain, so we recommend enabling default setup first. For more information about advanced setup, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."

## Evaluating {% data variables.product.prodname_code_scanning %} with the {% data variables.code-scanning.tool_status_page %}

The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your {% data variables.product.prodname_code_scanning %} tools. You can use it to investigate whether individual tools are working for a repository, when files in the repository were first scanned and most recently scanned, and when upcoming scans are scheduled. It's also a useful starting point for debugging issues.

Using the {% data variables.code-scanning.tool_status_page %}, you can download the list of rules that {% data variables.product.prodname_code_scanning %} is checking against, in CSV format. For integrated tools like {% data variables.product.prodname_codeql %}, you can also see more detailed information, including a percentage of files scanned and specific error messages.

If you find that default setup doesn't scan all your files, you may need to customize {% data variables.product.prodname_code_scanning %}. For more information, see "[Customizing code scanning](#customizing-code-scanning)" in this article. Alternatively, or if something else isn't working as you expect, you may find our dedicated troubleshooting documentation useful. For more information, see "[AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning)".

For more detailed information about the {% data variables.code-scanning.tool_status_page %}, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#viewing-the-tool-status-page-for-a-repository)."
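Review bot: the in-article cross-reference `"[Customizing code scanning](#customizing-code-scanning)"` depends on the `## Customizing {% data variables.product.prodname_code_scanning %}` heading rendering to exactly "Customizing code scanning"; that holds while the variable expands to "code scanning", but the anchor silently breaks if the variable ever changes, so it deserves a comment or a link check. Two consistency points in the same section: the troubleshooting link closes as `"[AUTOTITLE](...)".` with the period outside the quotes, whereas every other link in this file and the sibling articles closes with `."`; and the suites are named in code formatting as `default` and `security-extended` in "Customizing code scanning", while the configuration article touched in this same commit refers to the **Default** and **Extended** query suites as the UI labels them. Settle on one convention so readers can match the dropdown to the docs.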
@@ -11,5 +11,6 @@ topics:
- CodeQL
children:
- /configuring-default-setup-for-code-scanning
- /evaluating-default-setup-for-code-scanning
- /configuring-default-setup-for-code-scanning-at-scale
---
@@ -36,6 +36,7 @@ To monitor results from {% data variables.product.prodname_code_scanning %} acro

{% ifversion code-scanning-without-workflow %}
To get started with {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."

{% else %}
To get started with {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)."
{% endif %}
@@ -1,12 +1,13 @@
---
title: Built-in CodeQL query suites
shortTitle: Built-in CodeQL query suites
title: CodeQL query suites
shortTitle: CodeQL query suites
intro: 'You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.'
product: '{% data reusables.gated-features.code-scanning %}'
versions:
feature: code-scanning-without-workflow
redirect_from:
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/built-in-codeql-query-suites
- /code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites
type: reference
topics:
- Code scanning
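Review bot: the title change to "CodeQL query suites" and the added `redirect_from` entry `/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites` cover the old slug, but the redirect only takes effect if the content file itself is renamed to match the new path; the rendered diff shows no file rename, so confirm it is part of the commit, since the `children` change from `/built-in-codeql-query-suites` to `/codeql-query-suites` elsewhere in this commit depends on it. The `intro` still describes "different built-in ... query suites", which is accurate but reads slightly oddly now that the title has dropped "Built-in"; consider whether the intro should follow the title.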
@@ -15,7 +15,7 @@ topics:

After running an initial analysis of your code with default setup, you may need to make changes to your configuration to better meet your code security needs. For existing configurations of default setup, you can edit{% ifversion code-scanning-without-workflow-310 %}:
- Which languages default setup will analyze.
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."
- {% endif %} The query suite run during analysis. For more information on the available query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."

{% ifversion codeql-model-packs-java %}

@@ -15,7 +15,7 @@ topics:
children:
- /about-the-tool-status-page
- /editing-your-configuration-of-default-setup
- /built-in-codeql-query-suites
- /codeql-query-suites
- /viewing-code-scanning-logs
- /c-cpp-built-in-queries
- /csharp-built-in-queries