codeql-action
Actions for running CodeQL analysis
Hello, I have a GitHub Advanced Security license for my GitHub org, and it's applied to all repos. By default CodeQL scans for the default, i.e., the main branch, but...
We are getting errors today downloading the latest version of the code - is this related to the rollback? We have not changed anything in our pipeline: - task: AdvancedSecurity-Codeql-Init@1...
The `upload-sarif` action can be used in workflows without an `init` step. This means that it is possible for the `upload-sarif` action to be used correctly even though the CodeQL...
Have used _CodeQL_ for 2 years (without config files), all commits passed. But https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/ broke https://github.com/codacy/codacy-analysis-cli/ (https://github.com/codacy/codacy-analysis-cli/issues/541), so [_Codacy_ was removed](https://github.com/SwuduSusuwu/SusuLib/commit/5725afb79dbed571f09434e1ddf20c01e675f95f), which caused `Exit code was 32 and last log...
Given that this action is widely used and can read other security events (arguably a GitHub flaw), it's probably worth making sure all commits are signed for added peace of...
Not all issues have a uri associated with them. For example: {"ruleId":"Branch-Protection - BranchProtectionID (sscs-scorecard)","level":"error","message":{"text":"score is 5: branch protection is not maximal on development and all release branches:\nWarn: \u0026#39;last push...