Actions for running CodeQL analysis

actions advanced-security ci codeql code-scanning semmle-ql

Перейти к файлу

Angela P Wen 1f63aba653 PR Checks: Test `codeql-bundle.tar.gz` (#1822 )		2023-08-03 15:38:21 +00:00
.github	PR Checks: Test `codeql-bundle.tar.gz` (#1822 )	2023-08-03 15:38:21 +00:00
.vscode	Add a tasks.json	2021-05-13 16:40:19 +00:00
analyze	Add output for analyze action output path	2023-07-25 16:03:16 -04:00
autobuild	autobuild: add working-directory input	2022-04-08 13:37:42 -07:00
init	Update init/action.yml : PR review	2023-04-10 07:37:20 +02:00
lib	Autogenerate source map	2023-08-02 11:54:32 +02:00
node_modules	Bump the npm group with 2 updates (#1819 )	2023-08-01 03:35:02 -07:00
pr-checks	PR Checks: Test `codeql-bundle.tar.gz` (#1822 )	2023-08-03 15:38:21 +00:00
python-setup	Merge pull request #1800 from github/dependabot/pip/python-setup/tests/poetry/python-3.8/certifi-2023.7.22	2023-07-26 13:46:36 +02:00
queries	Address review comments	2023-05-31 14:23:43 +01:00
resolve-environment	Update `working-directory` description	2023-06-13 20:46:00 +01:00
src	Merge branch 'main' into igfoo/code_scanning_codeql_java_lombok	2023-08-02 02:44:05 -07:00
tests	Move to the codeql-testing org	2023-04-04 13:39:56 -07:00
upload-sarif	Re-enable waiting for processing by default, using the new API semantics.	2022-03-30 12:24:59 +01:00
.editorconfig	Add a `.editorconfig` with our chosen formatting options.	2020-06-23 14:38:30 +01:00
.eslintignore	Delete the runner	2022-11-14 16:23:14 +00:00
.eslintrc.json	Enable no cyclic dependencies eslint rule	2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs	Ignore prior commit in git blame	2023-07-25 17:59:56 +02:00
.gitattributes	Refactor PR checks	2021-09-08 13:59:52 +01:00
.gitignore	Delete the runner	2022-11-14 16:23:14 +00:00
.npmrc	Add config file to support npm v8 and v9 simultaneously	2022-11-14 22:15:08 +00:00
CHANGELOG.md	Add changelog note	2023-08-01 17:54:33 +01:00
CODEOWNERS	Update CODEOWNERS	2022-04-12 16:34:35 +02:00
CODE_OF_CONDUCT.md	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
CONTRIBUTING.md	Update npm version	2023-05-25 17:06:08 +01:00
LICENSE	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
README.md	Simplify README to recommend default setup and refer to docs	2023-07-28 17:30:34 +01:00
package-lock.json	Bump the npm group with 2 updates (#1819 )	2023-08-01 03:35:02 -07:00
package.json	Bump the npm group with 2 updates (#1819 )	2023-08-01 03:35:02 -07:00
tsconfig.json	Upgrade TypeScript to 9.2.0	2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.