
Add local sources to audit config

Open · felickz opened this issue 7 months ago · 1 comment

```yaml
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main
        config: |
          threat-models: local
```

Warning: Both a config file and config input were provided. Ignoring config file.

You cannot run the audit config along with local sources via another config (there is no mechanism to append). I would argue that when looking for audit results, local sources would be additional inputs that are warranted. The alternative would be to maintain two configs here.

felickz · May 06 '25 18:05
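One way to sidestep the conflict between `config` and `config-file`, shown here as an added example that is not part of the issue or of the community-packs repository: carry both the audit suite and the local threat model in the single inline `config` input. It assumes the audit suite path `suites/cpp-audit.qls` inside `githubsecuritylab/codeql-cpp-queries` (taken from the error message later in this thread) and uses a placeholder for the pack version; per-language `packs` entries are only applied when that language is being analyzed.

```yaml
# Added illustration (not from the issue): one inline config instead of
# config-file + config, so nothing is silently ignored by the action.
- name: Initialize CodeQL
  uses: github/codeql-action/init@v3
  with:
    languages: ${{ matrix.language }}
    build-mode: ${{ matrix.build-mode }}
    config: |
      name: "Audit suite plus local sources"
      # Treat local inputs (files, environment, command line) as untrusted
      # sources, which is what an audit run normally wants to see.
      threat-models: local
      packs:
        # Only used on the cpp leg of the matrix; other languages skip it.
        cpp:
          # Assumed suite path; <VERSION> is a placeholder for a tested release.
          - githubsecuritylab/codeql-cpp-queries@<VERSION>:suites/cpp-audit.qls
```

Keeping the per-language pack list in the repository's own config file means the community default config and the local threat-model setting no longer compete for the same input.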

A fatal error occurred: The QL pack 'codeql/cpp-queries' which is referenced from /home/runner/.codeql/packages/githubsecuritylab/codeql-cpp-queries/0.2.1/suites/cpp-audit.qls cannot be found. Error: Process completed with exit code 2.

https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/actions/runs/14867539748/job/41749004142?pr=129

Seems OK that cpp queries are not used for a python DB create 🤔

felickz · May 06 '25 19:05