codeql-action
Actions for running CodeQL analysis
As recommended, I use the default setup for CodeQL. I also _require_ the CI scans in my protected branches. However, whenever there is an external-fork-based PR, the scans are not...
# TL;DR When you're facing this issue in a private repository please add ```yaml permissions: actions: read ``` to your workflow, or wait until this PR gets merged: ```[tasklist] ### Fixed...
I created two forks of https://github.com/octokit/request.js: 1. https://github.com/jsoref/request.js 2. https://github.com/check-spelling-sandbox/request.js both were created at approximately the same time. Every single run of the [codeql workflow in my repository](https://github.com/jsoref/request.js/actions/workflows/codeql-analysis.yml) has ❌...
The error is `Error: codeql/upload-sarif action failed: Resource not accessible by integration` My case is trying to integrate snyk for sast on my golang code, and then upload sarif...
As noted in https://github.com/github/codeql-action/pull/2121#discussion_r1483012019 and https://github.com/github/codeql-action/issues/2117#issuecomment-1934863805, [check-spelling](https://github.com/check-spelling/check-spelling) has special code to handle the case where a user thinks they can use `security-events: ...` to talk to sarif reporting, but they're...
We're working on CodeQL Static Application Security Testing (SAST) implementation for the Swift language using GitHub Actions. During this process, I encountered an issue with the CodeQL initialization step when...
### Merge / deployment checklist - [ ] Confirm this change is backwards compatible with existing workflows. - [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary. - [...
When running CodeQL on `merge_group`, it doesn't report the **Code scanning results / CodeQL** status reported for pull requests. This prevents the use of [pull request merge queue](https://github.blog/changelog/2023-02-08-pull-request-merge-queue-public-beta/) when branch...
Hi there, I am trying to set up CodeQL analysis on a repo in our GitHub Enterprise Server. This is a monorepo with TypeScript and Python code. The directory structure is...
Hi, I have been trying to build & codescan one dotnet Console application. It's building the applications but in the perform codeql analysis step it's failing and throwing...