Adjustments from test run.

chriswblake · web-flow · commit 1d1993034d0e · 2025-06-29T11:12:11.000Z
diff --git a/.github/steps/2-step.md b/.github/steps/2-step.md
@@ -26,6 +26,8 @@ To see how Code Scanning works, we will introduce a vulnerability into the `rout
    learning-codeql
    ```
 
+1. On the new page, below the pull request description, press the **Create pull request** button.
+
 ### ⌨️ Activity: Review pull request
 
 1. If needed, navigate to the newly created pull request from the previous activity.
@@ -36,26 +38,38 @@ To see how Code Scanning works, we will introduce a vulnerability into the `rout
 
 1. If the job is still running, wait a few minutes for it to complete.
 
-1. Search the comments to find a report from the analysis.
+1. Search the comments to find the results of the analysis.
 
-   - Notice that the results found a SQL injection vulnerability. It is also suggesting a fix.
+   - Notice that the results found a SQL injection vulnerability. It also suggests a fix.
    - Don't worry about responding or resolving this problem (yet).
 
-   <img width="500" alt="image" src="https://github.com/user-attachments/assets/677cc104-9116-44a9-8061-091e8126442a">
+   <img width="500" alt="code scan results" src="https://github.com/user-attachments/assets/1914befe-e091-4905-bfdc-a5a252a73d2d" />
+
+   > 💡 Tip: Clicking the **Show paths** link will provide additional insights about the alert's data flow from user input (source), through the application, and when it is acted on (sink).
 
 ### ⌨️ Activity: View the CodeQL scanning logs
 
 1. In the top navigation, select the **Actions** tab.
 
-1. Click on the **CodeQL Setup** workflow run entry to open a page showing more details.
+1. In the left navigation, select the **CodeQL** entry to filter the workflow runs.
+
+<img width="500" alt="codeql filter" src="https://github.com/user-attachments/assets/9b66339d-0fba-4a72-be2e-5a0b2b5677b7"/>
+
+1. Click on the workflow run with the name **PR #2** to open a page with more details.
+
+<img width="500" alt="codeql setup" src="https://github.com/user-attachments/assets/016a729e-3b41-466c-8edf-3d4b41a86b7d"/>
 
-   <img width="500" alt="codeql setup" src="https://github.com/user-attachments/assets/016a729e-3b41-466c-8edf-3d4b41a86b7d"/>
+1. Expand the run jobs by clicking **Show all jobs** then click on the **Analyze (python)** entry. The list of all workflow steps is now shown.
 
-   > 💡 Tip: The workflow run contains additional CodeQL information such as the run duration, logs, and analysis artifacts.
+   <img height="250" alt="matrix jobs" src="https://github.com/user-attachments/assets/36516944-5728-4f81-82ba-2d60658e88ff" />
+
+   <img height="250" alt="list of codeql jobs" src="https://github.com/user-attachments/assets/418e1729-b406-444f-93b9-3d05d072d7de" />
+
+1. Find the analysis entry and consider reviewing the logs.
+
+<img width="500" alt="python analysis logs" src="https://github.com/user-attachments/assets/56ac1cf6-8e51-4e1f-b7f5-2dd48a5e5614" />
 
 1. With the pull request started and CodeQL scan finished, Mona will check your progress and share the next steps.
 
 > [!TIP]
 > Check out the [Triage code scanning alerts in pull requests](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests) page to learn more about integration of code scanning into pull requests.
-
-<!-- > 💡 Tip: Clicking the **Show paths** link will provide additional insights about the alert's data flow from user input (source), through the application, and when it is acted on (sink). -->
diff --git a/.github/steps/3-step.md b/.github/steps/3-step.md
@@ -20,43 +20,65 @@ Many of the patterns CodeQL scans for come from existing databases of vulnerabil
 
 The **Common Weakness Enumeration (CWE)** is a category system for hardware and software weaknesses and vulnerabilities. Think of it as a way to describe and categorize security issues in an application's source code. For more information on CWEs, see the Wikipedia article [Common Weakness Enumeration](https://en.wikipedia.org/wiki/Common_Weakness_Enumeration).
 
-### ⌨️ Activity: Review an Alert
+### ⌨️ Activity: View existing alerts
 
 1. In the top navigation, select the **Security** tab.
 
 1. In the left navigation, find the **Vulnerability alerts** area and select the **Code scanning** option.
 
-1. (Optional) Use the filters and search bar to explore the open and closed security alerts, including from the CodeQL scan.
+   - Notice that there are not open alerts. This is expected since the vulnerable code on a pull request has not been merged yet.
+
+1. Return to the recently created pull request. Ignore the failed check and click the **Merge pull request** button.
+
+   <img width="300" alt="merge button" src="https://github.com/user-attachments/assets/cb6fc4a9-c441-4d63-9104-efca6171d262" />
+
+1. Click the **Delete branch**. It is not needed anymore.
+
+1. Wait a moment for CodeQL to analyze the new changes to the `main` branch.
+
+1. Return the the **Security** tab.
+
+1. In the left navigation, notice that the **Code Scanning** option now has a `1` entry next to it, informing us of an open alert.
 
-1. Click on an alert.
+   <img width="250" alt="code scanning alerts count" src="https://github.com/user-attachments/assets/80f17f92-bd8e-45c4-b471-c60665e116d7" />
 
-1. Notice the description, related vulnerability information and a recommended solution.
+### ⌨️ Activity: Review an Alert
 
-<img width="500" alt="recommendations" src="https://github.com/user-attachments/assets/a5653b45-b66f-4e5b-8e03-a7b8cd3b91b4"/>
+1. In the left navigation, select the **Code scanning** option.
 
-1. (Optional) Click the **View source** link to view the CodeQL query that detected the alert.
+1. Click on the open alert.
 
-1. (Optional) Click the **Show more** link to view the full recommendation.
+1. Notice the description, vulnerability description, and a recommended solution.
 
-1. Inspect the audit trail to see a secure history of the alert, including open/close information.
+   <img width="600" alt="alert overview" src="https://github.com/user-attachments/assets/6da3aaa7-c9bb-4046-9372-c137a2d43106" />
 
-<img width="500" alt="audit trail" src="https://github.com/user-attachments/assets/25ec5256-20c7-4e9d-8160-ff40f3763872"/>
+1. Notice the audit trail provides the source of the vulnerability and shows that it came from our pull request.
 
 ### ⌨️ Activity: Dismiss and Reopen an Alert
 
 1. In the top right, click **Dismiss alert** dropdown.
 
-1. Select any reason and add a short explanation then click the **Dismiss alert** button.
+1. Select the `Used in tests` option and enter the below description.
+
+   ```md
+   This is a playground repository for learning about CodeQL alerts.
+   ```
+
+   <img width="300" alt="dismiss alert options" src="https://github.com/user-attachments/assets/7be133a7-3f20-4bf3-8073-383eb1cce359" />
+
+1. Click the **Dismiss alert** button.
 
    - The alert state will change to `Dismissed`.
-   - An entry is added to the audit trail, which can't be removed or edited.
+   - A read-only entry was added with the description to the audit trail showing who closed it.
+
+   <img width="300" alt="audit log entry showing alert dismissed" src="https://github.com/user-attachments/assets/afdd6e11-d4c9-466c-82d4-622c96e039a3" />
 
-1. Reopen the alert.
+1. In the top right, click the **Reopen alert** button.
 
-   - The alert state will change to `Open`.
-   - An entry is added to the audit trail, which can't be removed or edited.
+   - The alert state will change back to `Open`.
+   - A read-only entry was added to the audit trail showing who opened it.
 
-1. With an alert closed and reopened, post a comment on this issue. Mona will check your progress and share the next steps.
+1. With an alert closed and reopened, add a comment to this issue asking Mona to check our progress and share the next steps.
 
    ```md
    Hey @professortocat, I've closed an reopened an alert. What is the next step?
diff --git a/.github/steps/4-step.md b/.github/steps/4-step.md
@@ -4,15 +4,11 @@ Finally, let's use the information provided by CodeQL to better understand the v
 
 ### ⌨️ Activity: Resolve an open alert
 
-1. In the top navigation, select the **Security** tab.
+1. Review the open alert and become familiar with the recommended changes.
 
-1. In the left navigation, find the **Vulnerability alerts** area and select the **Code scanning** option.
+1. In the top navigation, select the **Code** tab.
 
-1. Review the open alert and review the recommended changes.
-
-1. In the top navigation, select the **Code** tab. Ensure you are on the branch for your pull request (`learning-codeql`).
-
-1. Navigate to the `server` folder and select the `routes.py` file.
+1. Ensure you are on the `main` branch then navigate to the `server` folder and select the `routes.py` file.
 
 1. In the top right of the preview, click the **Edit** button.
 
@@ -24,15 +20,23 @@ Finally, let's use the information provided by CodeQL to better understand the v
    "SELECT * FROM books WHERE name LIKE %s", name
    ```
 
-1. Above the editor in the top-right, click the **Commit changes...** button. Use the defaults options to commit the changes to the `learning-codeql` branch.
+1. Above the editor in the top-right, click the **Commit changes...** button. Use the defaults options to commit directly to the `main` branch.
 
    - CodeQL will now initiate a another scan.
 
-1. In the top navigation, navigate to the **Actions** tab. Wait for the **CodeQL** workflow to finish.
+1. Wait a moment for the **CodeQL** workflow to finish.
 
-1. Return the the open alerts page and review the open alerts.
+1. Return the the **Security** tab and **Code Scanning** area.
 
-   - There should be zero open alerts and two closed alerts. Nice work! 🎉
+   - There should be no open alerts and 1 closed alerts. Nice work! 🎉
    - Feel free to review the closed alerts, especially the audit trail.
 
-1. With the CodeQL scan finished, Mona will check your progress and share a final review. Nice work! You are done! 🥳
+1. Click on **Closed** to show our recently created alert.
+
+   <img width="350" alt="image" src="https://github.com/user-attachments/assets/75656267-cd80-47de-82cb-fd50e423f992" />
+
+1. Open our alert and notice the audit trail now includes how the alert was fixed.
+
+   <img width="350" alt="image" src="https://github.com/user-attachments/assets/316e25cb-e8ce-402d-aba8-7cbba9cb0753" />
+
+1. With our alert fixed, Mona will check your progress and share a final review. Nice work! You are done! 🥳
