(Back)
The GHAS Checks tool is automatically installed on all GitHub Foundations organizations.
It runs GitHub Advanced Security (GHAS) scans for eligible repositories that have it enabled and reports all of the GHAS scans in one report. It is implemented as a GitHub Action that runs on a cron schedule (02:00 daily), and works by checking for any repositories that have GHAS enabled and running a scan on them.
The schedule for the GHAS Checks tool can be changed by modifying the schedule field in the .github/workflows/ghas-policy-check.yml file.
on:
schedule:
- cron: '0 2 * * *'The schedule is set to run at 02:00 daily by default. To learn how cron schedules work, see the GitHub Actions documentation.
To be eligible for a GHAS scan, the repository must have GHAS enabled. A repository can have GHAS enabled if:
- The repository is public.
- The repository is private and GHAS has been purchased.