codeql-action
Actions for running CodeQL analysis
Similar to `actions/upload-artifact`, `upload-sarif` should allow uploading multiple SARIF files. Pattern matching from `upload-artifact` should be great too.
I have added the C# lang to the lang matrix to test it on a c# file for my pipeline but I get this error when I run it; Failure...

Unfortunately, this is a showstopper for using the Codacy tool, which runs a plethora of scanners, each of which reports individually: https://github.com/codacy/codacy-analysis-cli-action/issues/95 None of the discussed workarounds are usable: the...
Here is an example alert. https://github.com/mesonbuild/meson/pull/11218/checks?check_run_id=10309314938 > Fixed alerts > [Unused local variable](https://github.com/mesonbuild/meson/security/code-scanning/801) (unittests/baseplatformtests.py:219) This points to the following code: https://github.com/mesonbuild/meson/blob/891b4ffe3372c840322f5586430dcba34acf6d53/unittests/baseplatformtests.py#L219-L219 ... but the commit in question doesn't modify that...
[Error: .github#L1](https://github.com/sonic-net/sonic-linkmgrd/commit/ac24ad14b0144b1036b8012762f2e1887e4ae532#annotation_6573056254) actions/checkout@v3, github/codeql-action/[email protected], and github/codeql-action/[email protected] are not allowed to be used in sonic-net/sonic-linkmgrd. Actions in this workflow must be: within a repository owned by sonic-net. I don't understand the...
When running autobuild on a C# project it returns the following, where .NET 7 is not among them .NET SDKs installed: 3.1.120 [/usr/share/dotnet/sdk] 3.1.202 [/usr/share/dotnet/sdk] 3.1.302 [/usr/share/dotnet/sdk] 3.1.424 [/usr/share/dotnet/sdk] 5.0.104...
One challenge we've seen with customers running CodeQL against large applications is the time to execute CodeQL scans. One potential solution is to split out the query packs to run...
Hi, I'm looking to use codeql-action for some shared workflows that are intended to be used across our organization. However, we have separate workflows for PRs and pushes to main...
While enabling CodeQL, I encounter this error frequently. Occasionally, I do not encounter the error and the GitHub action succeeds. ``` /opt/hostedtoolcache/CodeQL/0.0.0-20221010/x64/codeql/codeql database finalize --finalize-dataset --threads=2 /home/runner/work/_temp/codeql_databases/cpp --ram=5920 Running TRAP...