codeql-action
Actions for running CodeQL analysis
CodeQL does not currently support PowerShell. Given that PowerShell is quite a potent language that has been used to great effect by red team and blue team alike, this lack...
This PR adds a feature flag for future use. ### Merge / deployment checklist - [x] Confirm this change is backwards compatible with existing workflows. - [x] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md)...
This pull request updates the default CodeQL bundle, as used with `tools: linked` and on GHES, to 2.19.2.
It takes 5-6 seconds for workflows to download this repository as an action. I believe it's because the node modules directory is 300+mb. It includes at least two copies of...
This PR creates a workflow that will publish an immutable action whenever a CodeQL Action release is created. We need to distinguish this from CodeQL Bundle releases to ensure that...
The precompiled queries in the CodeQL Bundle (e.g., v2.19.1) have file permission `0600`; i.e., read-writable by the file owner only. This causes the CodeQL CLI to be unable to read...
Hi, I've been using CodeQL in my GitHub repository for the past two years to review code. There is a file that has existed in the repository for the...
Running a CodeQL scan on Swift code using a manual build fails, when building with Xcode 16.0 with the following error message: > CodeQL detected code written in Swift but...
Error: [Go files were found but not processed](https://github.com/linode/terraform-provider-linode/actions/runs/11064456982/job/30742272248#step:7:299) We are seeing a weird error complaining not all Go files were processed and the error also appears on the default CodeQL...
Hello expert, I am trying to upload a SARIF file generated by a trivy scan. Whereas the SARIF file is generated, the upload of the file in the security tab...