codeql-action

Actions for running CodeQL analysis

Results 246 codeql-action issues

I am currently utilizing the github/codeql-action/analyze@v2 action to execute CodeQL analysis within my GitHub Actions workflow. While the action successfully generates diagnostic and metric summary output, I am facing challenges...

The CodeQL `init` action YML file has a field called `tools`. The field is optional, but when specified, should reference a URL to the CodeQL tools: https://github.com/github/codeql-action/blob/40542d38bc4936c2ca7da883aeb050a6081b4b31/init/action.yml#L5 We need clear...

We are running CodeQL as an action on self-hosted runners and have enabled the 'over-write' option to clean the CodeQL database before each run. However, some environments fail with the...

enhancement

This run generated a not particularly helpful message: https://github.com/check-spelling/gnu-gnulib/actions/runs/5151289440/jobs/9276309000#step:2:15096
```js
Uploading results
Processing sarif files: ["/tmp/tmp.Ba0HZNhBK7.sarif.json"]
Error details: instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn must be greater than or equal to 1
{ "path": [...
```

Hello! I have been investigating an issue where our javascript analysis can take hours, or often fail to complete entirely. We are also seeing large db results and memory usage....

This PR implements autobuilding using the hidden `database autobuild` CLI subcommand. This simplifies the implementation of autobuild, opens the door to sharing more code between the CodeQL Action and third...

Error: Could not auto-detect a suitable build method Error: We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps....

question
awaiting-response

I have a workflow `Linter test` **only** for manually dispatching. But codeql always reports this warning ([example](https://github.com/MoegirlPediaInterfaceAdmins/MoegirlPediaInterfaceCodes/pull/144/checks?check_run_id=12351560644)):
```
Warning: Code scanning cannot determine the alerts introduced by this pull request,...
```

question
awaiting-response

When running GitHub actions PR checks in the [merge queue](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue) I get an error message.
```
Uploading results
Processing sarif files: ["/home/runner/work/slsa-github-generator/results/go.sarif"]
Uploading results
Error: ref 'refs/heads/gh-readonly-queue/main/pr-1804-67d80537cd2bc6f8a811283cdee52752c3aa52a2' not found in...
```

Hi team, I added a customized config file to ask for ignoring 3 files: https://github.com/linkedin/venice/pull/238/commits/3ee4b75e05d10ea485854b9206e883fd813a24b0 but it appears that CodeQL still scans them and reports; am I doing anything wrong...