codeql-action

codeql-action copied to clipboard

Document required workflow permissions (README regression)

5

Hello, I've come across quite a few issues in the repo here that seem to boil down to people not knowing what permissions are needed for enabling CodeQL to work...

GregDomzalski

Java: Please either autodetect the needed JDK version from `pom.xml` or document that `setup-java` must be called manually

2

For CodeQL runs on Maven Java projects, the default-generated workflow, which runs autobuild, fails with `error: invalid target release: 17` if the project requires JDK 17 (or, apparently, any version...

wtwhite

TRAP caching causes GitHub Actions Cache to churn

10

I'd like to discuss alternative storage solutions for TRAP caching, as the current implementation causes our monorepo to exhaust our available cache. Each run appears to consume about 100mb of...

sayhiben

CodeQL Analysis times out while creating zip file of results

14

I have CodeQL analysis enabled on a project that performs scans of C code using the cpp configuration. Normally, the scans works just fine. However, we had a scheduled scan...

futureviperowner

CodeQL failed to upload alerts and generated a error as "RequestError [HttpError]: Resource not accessible by integration"

2

# Summary CodeQL failed to upload alerts and generated a error as "RequestError [HttpError]: Resource not accessible by integration" # Details CodeQL generted errors and can't upload sarif files to...

hisashin0728

Conversation opened by @github-code-scanning bot does not resolve/collapse properly

14

Hi there, we recently reported https://github.com/github/codeql/issues/11407 and https://github.com/github/codeql/issues/11408, and now are trying to properly dismiss admonitions reported by @github-code-scanning bot. On https://github.com/crate/crate-python/pull/474, we are observing a situation where we tried...

amotl

Issue with Autobuild for go 1.21.0 modules

8

Hello! I'm not sure if this is the correct place to open this issue, but I recently updated [my repo](https://github.com/gilcrest/diygoapi) to the latest version of go (1.21). As per [their...

gilcrest

Can we use the github token as a parameter for reporting

4

when i use this action in enterprise github, Reporting is failing due to issue of access repository and `403` error returns so how about improving it by receiving github token...

10000-ki

Use unique names for releases

2

All [releases](https://github.com/github/codeql-action/releases) are just named "CodeQL Bundle" while they all bump up the CodeQL CLI versions. Please use unique names for the releases instead so it's easier to distinguish what...

Piedone

"codeql/cpp-all is found in 3 same-priority locations" upon extraction of latest codeql-bundle

6

After downloading https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.15.2/codeql-bundle-linux64.tar.gz and `$ tar xvzf codeql-bundle-linux64.tar.gz` I set my $PATH to the extracted dir like so: ```console $ export PATH=$PATH:~/downloads/codeql-bundles/codeql/ ``` When I run `codeql resolve qlpacks` I...

huornlmj