codeql-action
Actions for running CodeQL analysis
### Description The hardcoded set of supported languages in `languages.ts` makes it hard to experiment with new languages as a custom branch with a modified `languages.ts` is required for every new...
I have an action that I'd like to work on both pull requests and push events. The SARIF is uploaded in both cases. When results of a pull request scan...
For example: ``` Running command in /home/runner/work//: [/opt/hostedtoolcache/CodeQL/0.0.0-20211004/x64/codeql/javascript/tools/autobuild.sh] Running command in /home/runner/work//: [/opt/hostedtoolcache/CodeQL/0.0.0-20211004/x64/codeql/javascript/tools/autobuild.sh] [2021-10-12 19:38:28] [build-stdout] Single-threaded extraction. [2021-10-12 19:38:28] [build-stdout] Single-threaded extraction. [2021-10-12 19:38:31] [build-stdout] Extracting ... [2021-10-12 19:38:31]...
SARIF upload endpoint returns 2 values: - `url` - `id` Having access to at least `url` would be really handy, as it would allow testing for the result of the...
Using the Runner with `--config-file ` leads to the following error. Looking at the code I expect the same applies to the Action. This is admittedly an unusual case, but...
The `pr-checks.yml` workflow has a `workflow_dispatch` event trigger so that we can run it manually. It is often useful to run manually _and_ specify a URL to a particular CodeQL...
When we see "Analysis processing failed", where should we look to investigate what failed? The output of the CodeQL action is saying ``` Processing sarif files: ["reports/test.sarif"] Uploading results...
It appears that the recommended configuration for this action will make 11 calls to the GitHub REST API per push and per language, which can add up quickly and make...
#545 introduced a TODO in `pr-checks.yml`. Currently, this integration test relies on not-yet-released behaviour in the CLI. When this version of the CLI is released, we can remove the TODO.
I have a PR-workflow file in my .github/workflow. Whenever a PR is created, a CodeQL action is being run from this config but an additional standalone CodeQL action is also...