codeql-container
codeql-container copied to clipboard
microsoft
Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
Following the official instructions, I met the following errors when executing the `docker run ...` command in **Basic Usage** of the readme, whenever I build the image myself or just...
Starting a few weeks ago, CSharp and Java codeql analysis are taking extremely long... around 60 min, where the same analysis was taking 2 min prior. It looks as though...
looks like at least one query faild in the compile step. Maybe we can accept failing queries instead of failing the build ``` Compiling query plan for /usr/local/codeql-home/codeql-repo/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql. The...
Note due to #53 the image name is different: creating a database fails ``` docker run --rm --name codeql-container -v `pwd`/backend/App:/opt/src -v `pwd`/tmp/:/opt/results -e CODEQL_CLI_ARGS="database create /opt/results/source_db -s /opt/src --language=csharp...
The Python scripts in project contain references to a deprecated format. https://github.com/microsoft/codeql-container/blob/073695d07151238cd9e23f74c3a7f47b468b0388/scripts/unix/analyze_security.sh#L61 **Error**: ``` A fatal error occurred: Support for SARIF v2.0.0 (Committee Specification Draft 1) was removed in v2.8.2...
This codeql-container is a fantastic tool for making the execution of codeql and necessary dependencies simple. However I'd like to pin to a particular version to prevent breaking changes (i.e....
dotnet-sdk-3.1 fails docker build. Dotnet needs to be updated to dotnet-sdk-6.0 and use the new install scripts per: https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu#2004 https://learn.microsoft.com/en-us/dotnet/core/install/linux-scripted-manual#scripted-install https://github.com/microsoft/codeql-container/blob/46326644f2e39f7d2512a338b98b7e8d8a726435/Dockerfile#L50
