skills-dev
diff --git a/‎.github/steps/1-enable-codeql.md
Lines changed: 2 additions & 2 deletions b/‎.github/steps/1-enable-codeql.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/steps/2-review-and-triage-codeql-alerts.md
Lines changed: 7 additions & 7 deletions b/‎.github/steps/2-review-and-triage-codeql-alerts.md
Lines changed: 7 additions & 7 deletions
diff --git a/‎.github/steps/3-fix-security-vulnerabilities.md
Lines changed: 1 addition & 1 deletion b/‎.github/steps/3-fix-security-vulnerabilities.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md
Lines changed: 3 additions & 3 deletions b/‎.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎images/additiona-information.png
-299 KB b/‎images/additiona-information.png
-299 KB
diff --git a/‎images/alert-status.png
-248 KB b/‎images/alert-status.png
-248 KB
diff --git a/‎images/audit-trail.png
-219 KB b/‎images/audit-trail.png
-219 KB
diff --git a/‎images/codeql-default-configuration-box.png
-140 KB b/‎images/codeql-default-configuration-box.png
-140 KB
diff --git a/‎images/codeql-setup.png
-401 KB b/‎images/codeql-setup.png
-401 KB
diff --git a/‎images/edit-button.png
-195 KB b/‎images/edit-button.png
-195 KB
diff --git a/‎images/enable-code-scanning-default.png
-233 KB b/‎images/enable-code-scanning-default.png
-233 KB
diff --git a/‎images/location-information.png
-249 KB b/‎images/location-information.png
-249 KB
diff --git a/‎images/one-closed-alert.png
-253 KB b/‎images/one-closed-alert.png
-253 KB
diff --git a/‎images/pr-panel.png
-184 KB b/‎images/pr-panel.png
-184 KB
diff --git a/‎images/recommendations.png
-218 KB b/‎images/recommendations.png
-218 KB
diff --git a/‎images/vulnerabilities-alert-code-scanning.png
-308 KB b/‎images/vulnerabilities-alert-code-scanning.png
-308 KB
@@ -23,15 +23,15 @@ First, we will enable code scanning with CodeQL in our repository.
 1. Scroll down to the section titled **Code scanning**. For the purpose of this exercise, we will focus on CodeQL analysis.
 
 1. Click on the **Set up** dropdown menu and choose **Default**.
-   ![enable-code-scanning-default.png](/images/enable-code-scanning-default.png)
+   ![enable code scanning](https://github.com/user-attachments/assets/0d639af3-a8fb-4ea7-8b94-44621a34fc3c)
 
    Let's take a look at the configuration options in the modal:
 
    - **Languages to analyze:** These are the languages that will be scanned by CodeQL. In this case, we will be scanning in `Python`.
    - **Query suites:** CodeQL [queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries) are packaged in bundles called "suites". This section allows you to choose which query suite to use. We'll leave this set as **Default** for this exercise. For more information, see "[About CodeQL queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries)."
    - **Events:** This section tells CodeQL when to scan. In this case, it's set to scan on any pull request to the `main` branch.
 
-   ![codeql-default-configuration-box.png](/images/codeql-default-configuration-box.png)
+   ![codeql default configuration box](https://github.com/user-attachments/assets/cf5ba96b-98bb-4db5-b743-bd31bceaabac)
 
 1. Click **Enable CodeQL**
 
 
@@ -18,7 +18,7 @@ In this activity, we'll explore GitHub Actions to view the status of a CodeQL sc
 
 1. Select the run by clicking on **CodeQL Setup**.
 
-   ![codeql-setup](/images/codeql-setup.png)
+   ![codeql setup](https://github.com/user-attachments/assets/016a729e-3b41-466c-8edf-3d4b41a86b7d)
 
    Notice that more information is available inside the Actions run. Feel free to explore this section to view information such as the CodeQL logs, duration, status, and artifacts generated by CodeQL.
 
@@ -40,26 +40,26 @@ In this activity, we will explore the alert UI. We'll review the data flow of th
 
 **Alert status:** This section displays the current alert status (open or closed), identifies the branch where the scan detected the alert, and shows the timestamp of the alert.
 
-![alert-status](/images/alert-status.png)
+![alert status](https://github.com/user-attachments/assets/2fecc67d-52ef-44fc-ad89-1eb28ceb9437)
 
 **Location information:** This section describes which part of the code is vulnerable.
 
-![location-information](/images/location-information.png)
+![location information](https://github.com/user-attachments/assets/1a450118-f200-436b-8433-04b7e5e4f1a8)
 
 **Paths:** Clicking on "Show paths" will give you additional insights into the alert's data flow. The modal shows us where the user input (we call that a "source") flows through the application until it's acted on (we call this the "sink"). This visualizes the flow of data through your application.
 
 **Recommendations:** This section provides a quick overview of the tool (CodeQL in this case), Rule ID, and even allows you to view the CodeQL query used to find this vulnerability. You can view the query by clicking **View source**. Additionally, this pane includes recommendations for fixing this vulnerability. Click **Show more** to view the full recommendation.
 
-![recommendations](/images/recommendations.png)
+![recommendations](https://github.com/user-attachments/assets/a5653b45-b66f-4e5b-8e03-a7b8cd3b91b4)
 
 **Audit trail:** The audit trail shows the history of the alert. This trail will show the status as users mark an alert as closed or fix an alert in the code.
 
-![audit-trail](/images/audit-trail.png)
+![audit trail](https://github.com/user-attachments/assets/25ec5256-20c7-4e9d-8160-ff40f3763872)
 
 **Alert triage:** Use the buttons at the top right of the alert to triage or create a new issue for the alert. Don't do anything yet. We'll get into these buttons in a moment. 😄
 
 **Additional info:** Finally, the right-side panel contains information such as tags, CWE information, and the severity of the alert
-![additional-information.png](/images/additiona-information.png)
+![additional information](https://github.com/user-attachments/assets/9a5aaf3f-e063-4d07-8cdd-6272eec8a411)
 
 ### ⌨️ Activity: Dismiss an Alert
 
@@ -75,7 +75,7 @@ Now that we're familiar with the alert layout, let's work through the process of
 
 1. Click **1 Closed**. This will bring you to the closed alerts where you can view the alert you just closed.
 
-   ![one-closed-alert.png](/images/one-closed-alert.png)
+   ![one closed alert](https://github.com/user-attachments/assets/b10005b6-9ef8-4d46-a160-4c9849d2c898)
 
 1. (Optional) You can also reopen the alert by opening it, then selecting **Reopen alert**.
 
 
@@ -26,7 +26,7 @@ We now know where the issues exist and how to fix them. We'll start by modifying
 
 1. Click the **Edit** button to the right.
 
-   ![edit-button.png](/images/edit-button.png)
+   ![edit button](https://github.com/user-attachments/assets/19462cc5-a360-4dae-a97b-ecfd571aa403)
 
 1. Edit line 16 by highlighting the SQL statement and replace it with this text.
 
 
@@ -27,7 +27,7 @@ In this first activity, we'll introduce the same insecure SQL statement from bef
 
 1. Click the **Edit** button to the right.
 
-   ![edit-button.png](/images/edit-button.png)
+   ![edit button](https://github.com/user-attachments/assets/19462cc5-a360-4dae-a97b-ecfd571aa403)
 
 1. Edit line 16 by highlighting the SQL statement and replace it with this text.
 
@@ -51,11 +51,11 @@ Now, let's take a look at the pull request to see what the experience is like.
 
 1. In the previous activity, we created the pull request. After creating the pull request, you were brought directly to the pull request page. At the bottom of the pull request, you will see a check called "Code scanning/CodeQL". This is the CodeQL analysis job scanning the code introduced in the pull request.
 
-   ![pr-panel](/images/pr-panel.png)
+   ![pr panel](https://github.com/user-attachments/assets/1c29ee0f-cc1d-4568-9e71-338d45ad1d54)
 
 1. Once the check is complete, you will see a new comment in the pull request from CodeQL indicating a new security vulnerability; a SQL query built from user-controlled data. This is our SQL injection vulnerability.
 
-   <img width="1180" alt="image" src="https://github.com/leftrightleft/enable-code-scanning/assets/4910518/378bd766-ef61-4619-ab3c-bf2c8d9618d7">
+   <img width="1180" alt="image" src="https://github.com/user-attachments/assets/677cc104-9116-44a9-8061-091e8126442a">
 
 1. Review the data flow paths by clicking **Show paths**.