codeql-action
Actions for running CodeQL analysis
### Background

For users that want to incorporate some external data into a database, [odasa supported a workflow](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) based on csv files. During database creation, a specific subdirectory was scanned...
Fixes https://github.com/github/codeql-action/issues/1249 As described [here](https://askubuntu.com/questions/1406304/virtualenv-installs-envs-into-local-bin-instead-of-bin), when using Ubuntu 22.04 with new enough versions of `setuptools` (60.0.0+), the virtual environment created with `virtualenv` will put binaries in `/local/bin` instead of `/bin`....
### Merge / deployment checklist

A one-line change to correctly update the version reported to our telemetry when we used a cached CodeQL bundle. Open questions (cc @henrymercer): - I...
Hey! When playing around with python CodeQL analysis I stumbled across an exception during the init phase: ``` Installing collected packages: virtualenv-clone, pipenv Successfully installed pipenv-2022.9.8 virtualenv-clone-0.5.7 + command -v...
Hello! Today I wanted to enhance our CodeQL scan in the [systemd](https://github.com/systemd/systemd/pull/24671) repo by using the `security-extended` and `security-and-quality` query sets, but after adding them the CodeQL action can no...
I've recently noticed, when running `semgrep`, that findings that are suppressed in code with `#nosemgrep` flag the results with a `suppressions` property. This seems to be [valid sarif formatting](https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541099). Example...
**Actual behavior** I hacked out a small script to fix missing overrides alerts ([this one](https://gist.github.com/johannes-riecken/efcb356f42364281a8692c47b1d1a15b) if anyone's interested, but not relevant to this issue). After pushing the changes directly to...
I'm not sure if this is the right repository (if not, point me to the right one). Currently I use lgtm for code analysis, but since it will stop working...
Recently I see failures always from codeql, "Code scanning cannot determine the alerts introduced or fixed by this pull request" Although I have only the go language configured: ```yaml strategy:...
### Merge / deployment checklist

- [ ] Confirm this change is backwards compatible with existing workflows.
- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary.
- [...