Actions for running CodeQL analysis

actions advanced-security ci codeql code-scanning semmle-ql

Перейти к файлу

Ian Lynagh af1600d4f8 npm run build		2023-08-30 15:09:31 +01:00
.github	Bump the actions-setup-swift group	2023-08-21 17:39:22 +00:00
.vscode	Use vendored TypeScript version for VS Code	2023-08-07 15:08:32 +01:00
analyze	Add output for analyze action output path	2023-07-25 16:03:16 -04:00
autobuild	autobuild: add working-directory input	2022-04-08 13:37:42 -07:00
init	Update init/action.yml : PR review	2023-04-10 07:37:20 +02:00
lib	npm run build	2023-08-30 15:09:31 +01:00
node_modules	Bump the npm group with 5 updates (#1856 )	2023-08-29 04:47:41 -07:00
pr-checks	Merge pull request #1823 from github/henrymercer/setup-swift-more-consistent	2023-08-07 17:39:16 +01:00
python-setup	Merge pull request #1800 from github/dependabot/pip/python-setup/tests/poetry/python-3.8/certifi-2023.7.22	2023-07-26 13:46:36 +02:00
queries	Ignore test files in env vars query	2023-08-07 17:31:09 +01:00
resolve-environment	Update `working-directory` description	2023-06-13 20:46:00 +01:00
src	Test	2023-08-30 15:09:11 +01:00
tests	Move to the codeql-testing org	2023-04-04 13:39:56 -07:00
upload-sarif	Re-enable waiting for processing by default, using the new API semantics.	2022-03-30 12:24:59 +01:00
.editorconfig	Add a `.editorconfig` with our chosen formatting options.	2020-06-23 14:38:30 +01:00
.eslintignore	Delete the runner	2022-11-14 16:23:14 +00:00
.eslintrc.json	Enable no cyclic dependencies eslint rule	2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs	Ignore prior commit in git blame	2023-07-25 17:59:56 +02:00
.gitattributes	Refactor PR checks	2021-09-08 13:59:52 +01:00
.gitignore	Delete the runner	2022-11-14 16:23:14 +00:00
.npmrc	Add config file to support npm v8 and v9 simultaneously	2022-11-14 22:15:08 +00:00
CHANGELOG.md	Merge pull request #1860 from github/aeisenberg/better-error-messages	2023-08-29 13:51:10 -07:00
CODEOWNERS	Update CODEOWNERS	2022-04-12 16:34:35 +02:00
CODE_OF_CONDUCT.md	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
CONTRIBUTING.md	Update npm version	2023-05-25 17:06:08 +01:00
LICENSE	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
README.md	Update README.md	2023-08-21 11:37:17 -04:00
package-lock.json	Bump the npm group with 5 updates (#1856 )	2023-08-29 04:47:41 -07:00
package.json	Bump the npm group with 5 updates (#1856 )	2023-08-29 04:47:41 -07:00
tsconfig.json	Upgrade TypeScript to 9.2.0	2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing your advanced setup for code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.