advanced-security-material icon indicating copy to clipboard operation
advanced-security-material copied to clipboard

Published 20 hours ago verified publisher icon advanced-security

Create ghas-bootcamp-codeql-cli-example-00.yml

Open nicolaswill opened this issue 2 years ago • 0 comments

This workflow is a rough work-in-progress demonstration of using the CodeQL CLI directly within GitHub Actions rather than using the provided codeql-action init and analyze actions. I wrote this workflow for analyzing the ghas-bootcamp repo, with the goal of demonstrating to customers how to integrate the CodeQL CLI into third-party CI/CD tools without using a wrapper. GitHub Actions, in my opinion, is the logical platform for hosting and running an interactive demo of this sort.

This specific workflow does not create a database cluster but uses categories for each language analyzed.

I raised this PR to start some discussion around where we can potentially build out a more hands-on ghas-bootcamp style approach to demonstrating various approaches to using the CodeQL CLI in build pipelines.

Relevant resources / other work to reference or consolidate: https://github.com/advanced-security/gh-codeql-scan https://github.com/david-wiggs/codeql-anywhere https://github.com/advanced-security/monorepo-filtering-workaround

nicolaswill avatar Aug 30 '23 14:08 nicolaswill