Actions for running CodeQL analysis
Перейти к файлу
Angela P Wen 1515e2bb20
Refactor configuration errors (#2105)
Refactor the existing classes of configuration errors into their own file; consolidate the place we check for configuration errors into `codeql.ts`, where the actual command invocations happen.

Also, rename the `UserError` type to `ConfigurationError` to standardize on a single term.
2024-02-08 17:20:03 +00:00
.github Merge pull request #2120 from github/henrymercer/no-autobuild-action-necessary-with-build-mode 2024-02-08 16:23:54 +00:00
.vscode VSCode settings: set default formatter for TS 2023-10-27 17:21:58 +01:00
analyze Document `action.inputs.token` (#2110) 2024-02-08 09:45:27 +00:00
autobuild Document `action.inputs.token` (#2110) 2024-02-08 09:45:27 +00:00
init Detail requirements for different build modes 2024-02-01 12:00:56 +00:00
lib Refactor configuration errors (#2105) 2024-02-08 17:20:03 +00:00
node_modules Bump the npm group with 2 updates (#2118) 2024-02-06 02:57:43 -08:00
pr-checks Merge pull request #2120 from github/henrymercer/no-autobuild-action-necessary-with-build-mode 2024-02-08 16:23:54 +00:00
python-setup Bump urllib3 in /python-setup/tests/poetry/python-3.8 (#1957) 2023-10-17 15:34:08 -07:00
queries Internal queries: Replace deprecated predicates 2024-01-24 00:20:18 +00:00
resolve-environment Document `action.inputs.token` (#2110) 2024-02-08 09:45:27 +00:00
src Refactor configuration errors (#2105) 2024-02-08 17:20:03 +00:00
tests Add PR checks for other build modes 2024-02-08 15:40:46 +00:00
upload-sarif Document `action.inputs.token` (#2110) 2024-02-08 09:45:27 +00:00
.editorconfig Add a `.editorconfig` with our chosen formatting options. 2020-06-23 14:38:30 +01:00
.eslintignore Delete the runner 2022-11-14 16:23:14 +00:00
.eslintrc.json Enable no cyclic dependencies eslint rule 2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs Ignore prior commit in git blame 2023-07-25 17:59:56 +02:00
.gitattributes Refactor PR checks 2021-09-08 13:59:52 +01:00
.gitignore Delete the runner 2022-11-14 16:23:14 +00:00
.npmrc Add config file to support npm v8 and v9 simultaneously 2022-11-14 22:15:08 +00:00
.pre-commit-config.yaml Add pre-commit configuration 2023-10-26 11:03:40 +02:00
CHANGELOG.md Update changelog and version after v3.24.0 2024-02-02 18:31:47 +00:00
CODEOWNERS Update CODEOWNERS 2022-04-12 16:34:35 +02:00
CODE_OF_CONDUCT.md Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
CONTRIBUTING.md add note about backporting check changes to v2 branch 2023-12-20 20:00:52 +00:00
LICENSE Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
README.md Add a README section about supported versions 2024-01-26 14:09:22 +00:00
package-lock.json Bump the npm group with 2 updates (#2118) 2024-02-06 02:57:43 -08:00
package.json Bump the npm group with 2 updates (#2118) 2024-02-06 02:57:43 -08:00
tsconfig.json Upgrade TypeScript to 9.2.0 2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing your advanced setup for code scanning."

Supported versions of the CodeQL Action

The following versions of the CodeQL Action are currently supported:

  • v3 (latest)
  • v2 (deprecated, support will end on December 5th, 2024)

The only difference between CodeQL Action v2 and v3 is the version of Node.js on which they run. CodeQL Action v3 runs on Node 20, while CodeQL Action v2 runs on Node 16.

To provide the best experience to customers using older versions of GitHub Enterprise Server, we will continue to release CodeQL Action v2 so that these customers can continue to run the latest version of CodeQL as long as their version of GitHub Enterprise Server is supported. For example CodeQL Action v3.22.11 was the first release of CodeQL Action v3 and is functionally identical to v2.22.11. This approach provides an easy way to track exactly which features are included in different versions by looking at the minor and patch version numbers.

For more information, see "Code scanning: deprecation of CodeQL Action v2.".

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.