codeql-action
Actions for running CodeQL analysis
Hi guys, I ran the Golang CodeQL checks on this repository: https://github.com/CiscoDevNet/terraform-provider-cdo and found that it is unable to resolve some references. Those references are replaced in the `go.mod` file...
I set up JDK 17 like this.

```yml
steps:
  - name: Checkout repository
    uses: actions/checkout@v3
  - name: Setup Java
    uses: actions/setup-java@v3
    with:
      distribution: 'temurin'
      java-version: '17'
```

And it seems...
This PR re-enables the Swift autobuild checks. We should merge it once the macOS tracer issue is fixed. ### Merge / deployment checklist - [x] Confirm this change is backwards...
Would it be possible to extend the CodeQL database upload/download API to contain the commit sha and branch name? Having a database but not knowing which source code version it...
I'm developing a GitHub action following https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#physicallocation-object The doc says the `artifactLocation.uri: If the URI is absolute, code scanning can use the URI to checkout the artifact and match up...
# Environment Version of codeql-action: v2.14.6 Programming Language: Swift Self-Hosting agent platform: MacOS 13.5.2 Build Target platform: iOS 16.2 Using Azure DevOps Services # Issue After using the AdvancedSecurityCodeqlInit task...
I'm setting up a new CodeQL instance, looking at the alerts for the PR branch, I saw I had thousands:  Hundreds appeared to be in generated XAML files from...
#1572 has the same error message, but is for a more interesting case. Here, I used github's editor to create a commit, it automatically created a `patch-1`. That triggered a...
I added the CodeQL action to [my repo](https://github.com/eygraber/portal) and the logs show that Java files are getting processed, but Kotlin files are not. I also see the following warning in...
We're using the `codeql-action` action and try to keep it up-to-date using Dependabot. Such PRs are not merged unthinkingly, we normally check the changes (new features, bugfixes etc.) first. Unfortunately...