Security Track 45 min

Challenge S-01: Enable Code Scanning & Discover Vulnerabilities

Description

Your repository is set up — now it's time to see what's hiding in the code. Code scanning uses CodeQL, GitHub's semantic analysis engine, to find security vulnerabilities and coding errors that regular linters miss. We're talking SQL injection, cross-site scripting, insecure deserialization — the stuff that actually gets exploited in production.

In this challenge, you'll use the CodeQL pipeline that's already configured in the repository (.github/workflows/codeql.yml), trigger your first scan, and then dig into the results. The Juice Shop application is intentionally vulnerable, so you'll have plenty to find. Your job is to review the alerts, understand what they mean, and document what you discover.

Note: This repository uses the CodeQL advanced setup (a custom Actions workflow), not the default setup. When an advanced setup workflow is present, GitHub's default setup option is unavailable — the two are mutually exclusive.

Pay attention to severity levels and vulnerability categories. You'll need this context for the next challenge, where you actually fix these issues.

Objectives

  • Understand the CodeQL advanced setup pipeline already configured in .github/workflows/codeql.yml
  • Trigger the first code scanning analysis via the Actions workflow
  • Review all code scanning alerts in the Security tab
  • Identify and document at least 5 distinct vulnerabilities, including their severity and type

Success Criteria

  • CodeQL analysis workflow (codeql.yml) has run successfully in the Actions tab
  • Code scanning analysis has completed at least one run
  • Security > Code scanning alerts page shows results
  • At least 5 vulnerabilities documented with severity level (critical/high/medium/low) and vulnerability type (e.g., SQL injection, XSS)
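
Once the workflow has run, the Security > Code scanning alerts page is the source of truth, but the same alerts are exposed by GitHub's REST endpoint `GET /repos/{owner}/{repo}/code-scanning/alerts`, which makes the "document at least 5 distinct vulnerabilities with severity and type" step scriptable. The script below is an added example for this challenge, not code from the workshop or the Juice Shop project: it pages through that endpoint, buckets open alerts by `security_severity_level` and CodeQL rule id, and renders the inventory as a markdown table. `OWNER`, `REPO` and the `GITHUB_TOKEN` environment variable are placeholders, and `SAMPLE_ALERTS` is constructed data (plausible CodeQL JavaScript rule ids, made-up paths) so it runs offline. One caveat it handles: only security queries carry a `security_severity_level`; quality rules such as unused-variable checks have none and should not be counted toward the five.

```python
"""Inventory GitHub code scanning alerts by severity and vulnerability type.

Added example for this challenge, not part of the Juice Shop repository or the
workshop material. It reads alerts in the shape returned by GitHub's REST
endpoint GET /repos/{owner}/{repo}/code-scanning/alerts and builds the
severity/type inventory the success criteria ask for. OWNER, REPO and the
GITHUB_TOKEN environment variable are placeholders; SAMPLE_ALERTS is
constructed data, not a real scan result.
"""
import json
import os
import urllib.request
from collections import Counter, defaultdict

SEVERITY_ORDER = ["critical", "high", "medium", "low"]


def fetch_alerts(owner, repo, token, state="open"):
    """Page through the alerts endpoint (needs network and a token with security_events scope)."""
    alerts, page = [], 1
    while True:
        url = (f"https://api.github.com/repos/{owner}/{repo}/code-scanning/alerts"
               f"?state={state}&per_page=100&page={page}")
        req = urllib.request.Request(url, headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
            "X-GitHub-Api-Version": "2022-11-28"})
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return alerts
        alerts.extend(batch)
        page += 1


def _alert(number, rule_id, sev, description, path, state="open"):
    """Build an alert object carrying only the fields this script reads."""
    return {"number": number, "state": state,
            "rule": {"id": rule_id, "description": description,
                     "security_severity_level": sev},
            "most_recent_instance": {"location": {"path": path}}}


# Constructed sample (plausible CodeQL JavaScript rule ids; the paths are made up).
# Alert 7 is a quality rule with no security severity; alert 8 is already fixed.
SAMPLE_ALERTS = [
    _alert(1, "js/unsafe-deserialization", "critical", "Deserialization of user-controlled data", "src/sample1.js"),
    _alert(2, "js/sql-injection", "high", "Database query built from user-controlled sources", "src/sample2.js"),
    _alert(3, "js/sql-injection", "high", "Database query built from user-controlled sources", "src/sample3.js"),
    _alert(4, "js/path-injection", "high", "Uncontrolled data used in path expression", "src/sample4.js"),
    _alert(5, "js/log-injection", "high", "Log injection", "src/sample5.js"),
    _alert(6, "js/xss", "medium", "Client-side cross-site scripting", "src/sample6.js"),
    _alert(7, "js/unused-local-variable", None, "Unused variable", "src/sample7.js"),
    _alert(8, "js/xss", "medium", "Client-side cross-site scripting", "src/sample8.js", state="fixed"),
]


def summarize(alerts):
    """Count open alerts per security severity and rule id (quality rules land in 'none')."""
    by_sev = defaultdict(Counter)
    for a in alerts:
        if a.get("state") == "open":
            sev = a["rule"].get("security_severity_level") or "none"
            by_sev[sev][a["rule"]["id"]] += 1
    return {sev: dict(c) for sev, c in by_sev.items()}


def distinct_vulnerabilities(alerts):
    """One row per distinct security rule, highest severity first: (severity, rule, description, path)."""
    rows = {}
    for a in alerts:
        rule = a["rule"]
        sev = rule.get("security_severity_level")
        if a.get("state") != "open" or sev is None or rule["id"] in rows:
            continue
        rows[rule["id"]] = (sev, rule["id"], rule.get("description", ""),
                            a["most_recent_instance"]["location"]["path"])
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    return sorted(rows.values(), key=lambda r: (rank.get(r[0], len(rank)), r[1]))


def meets_goal(alerts, minimum=5):
    """True when at least `minimum` distinct security vulnerability types are open."""
    return len(distinct_vulnerabilities(alerts)) >= minimum


def render_markdown(rows):
    """Format rows as the markdown table used to document findings."""
    lines = ["| Severity | Rule | Description | Example location |", "|---|---|---|---|"]
    lines += [f"| {s} | {r} | {d} | {p} |" for s, r, d, p in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    # OWNER/REPO are assumed placeholders; without a token the constructed sample is used.
    alerts = fetch_alerts("OWNER", "REPO", token) if token else SAMPLE_ALERTS
    print(json.dumps(summarize(alerts), indent=2))
    print(render_markdown(distinct_vulnerabilities(alerts)))
    print("goal met:", meets_goal(alerts))
```

Run it with `GITHUB_TOKEN` set to a token that has read access to the repository's security events to pull live results, or unset to see the constructed sample. The same endpoint is reachable from the GitHub CLI (`gh api repos/OWNER/REPO/code-scanning/alerts`) if you prefer to pipe JSON through `jq`. Two things to keep in mind when reading the output: `security_severity_level` is the critical/high/medium/low scale the success criteria refer to, which is distinct from the `rule.severity` field (error/warning/note), and alerts whose state is `fixed` or `dismissed` are excluded because the challenge is about what is currently open.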

Learning Resources