
Sudden appearance of a CodeQL alert

Open · Subharanjan2055 opened this issue 1 year ago · 1 comment

Hi,

I've been using CodeQL in my GitHub repository for the past two years to review code. There is a file that has existed in the repository for the same duration without ever triggering a CodeQL alert. However, yesterday I suddenly received an alert for that file.

What could have caused this new alert to appear despite no recent changes to that file or its dependencies?

Thanks, Subh

Subharanjan2055 · Oct 07 '24 05:10

👋 @Subharanjan2055 thanks for reaching out.

We constantly develop (and hopefully improve!) the queries behind our alerts, and by default CodeQL analysis will use the latest released CodeQL bundle. New bundle releases might mean changes in what data gets extracted from code and what we mark with alerts. Without having more information, I would say this is the most probable cause of a new alert popping up. If you do believe this alert is a false positive, you can let us know via a github/codeql issue 🙌

redsun82 · Oct 07 '24 08:10