🔥 3-day streak
Microsoft DevOps Engineer Expert118 / 138
Question 118 of 138

Your team has enabled GitHub Advanced Security code scanning with the default CodeQL configuration on a large C# repository. Security engineers report that the scans catch common vulnerabilities but miss several injection patterns unique to your internal data-access framework. You need the CI code-scanning runs to detect these custom patterns while continuing to run the standard security queries, with the least ongoing maintenance. What should you do?

Reviewed for accuracy · Report an issueNext question