codeql-action
Actions for running CodeQL analysis
Associated GitHub Community ticket: https://github.community/t/codeql-out-of-memory/135280 The customer set up a workflow like [this](https://github.com/bdukes/Dnn.Platform/actions/runs/282463971/workflow). When they set the **CodeQL action** to run for the **C#** language, the step "[**Perform CodeQL Analysis**](https://github.com/bdukes/Dnn.Platform/actions/runs/282463971/workflow#L70)"...
> It appears that `npm ci` creates a huge diff. None of the package.json files in node_modules have a final newline. Is this something that should be done separately from...
- https://github.com/github/codeql-action/blob/f00bafbde1cf72f723cff6bcb0fa170325b2edb9/src/config-utils.ts#L1074
- https://github.com/github/codeql-action/blob/f00bafbde1cf72f723cff6bcb0fa170325b2edb9/src/config-utils.ts#L1087

Both are annotated as asynchronous functions but neither utilizes asynchronous IO.
https://github.com/github/codeql-action/blob/f00bafbde1cf72f723cff6bcb0fa170325b2edb9/src/config-utils.ts#L1098 Unfortunately, JSON.parse() is typed as returning `any`. It appears that this was not an issue that was reported because `noImplicitAny` was explicitly disabled in the root tsconfig.json.
We potentially output files with environment variables in formats for a few different shells, but we base that decision solely on which OS we're running on. This leads to problems...
I have a repository (https://github.com/blu3mania/npp-papyrus) with pure C++ code. For the CodeQL scan it uses its own build step since autobuild doesn't work. A recent scheduled build failed with error "No...
In [analyze-action.ts: L110](https://github.com/github/codeql-action/blob/49cb962d826a96d8706c0efad0e46ccd6acc6da4/src/analyze-action.ts#L110) we print the per-language log files from the database log folders. However, we don't print the multi-language tracer log (i.e. a file named [`compound-build-tracer.log`](https://github.com/github/codeql-action/blob/087e7a3a1ab07e2847a36261c5ce709f910a53d8/src/tracer-config.ts#L111-L114)) which is...
When testing CodeQL on my project's C++ code, the build succeeded but the following analysis step failed. The error in the log has a lot of Java-related details that are...
**Expected behaviour**: No error

**Actual behaviour**: codeql-action/upload-sarif@v1 doesn't accept empty sarif

Example:
```
{
  "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
  "version": "2.1.0",
  "runs": []
}
```

Result:
```
Uploading sarif files: ["final.sarif"]
Uploading results...
```
The de facto state (seen through the GitHub API) of the code scanning alerts is either "open" or "dismissed", however in the Code scanning alerts table, those states are...