Actions for running CodeQL analysis

actions advanced-security ci codeql code-scanning semmle-ql

Перейти к файлу

Henry Mercer ba5812e64f Add `ImageVersion` to safe env vars for default setup		2023-08-07 17:29:12 +01:00
.github	PR Checks: Test `codeql-bundle.tar.gz` (#1822 )	2023-08-03 15:38:21 +00:00
.vscode	Use vendored TypeScript version for VS Code	2023-08-07 15:08:32 +01:00
analyze	Add output for analyze action output path	2023-07-25 16:03:16 -04:00
autobuild	autobuild: add working-directory input	2022-04-08 13:37:42 -07:00
init	Update init/action.yml : PR review	2023-04-10 07:37:20 +02:00
lib	Add runner image version to status report	2023-08-07 16:27:56 +01:00
node_modules	Install check-disk-space Node package	2023-08-07 15:08:26 +01:00
pr-checks	PR Checks: Test `codeql-bundle.tar.gz` (#1822 )	2023-08-03 15:38:21 +00:00
python-setup	Merge pull request #1800 from github/dependabot/pip/python-setup/tests/poetry/python-3.8/certifi-2023.7.22	2023-07-26 13:46:36 +02:00
queries	Add `ImageVersion` to safe env vars for default setup	2023-08-07 17:29:12 +01:00
resolve-environment	Update `working-directory` description	2023-06-13 20:46:00 +01:00
src	Add runner image version to status report	2023-08-07 16:27:56 +01:00
tests	Move to the codeql-testing org	2023-04-04 13:39:56 -07:00
upload-sarif	Re-enable waiting for processing by default, using the new API semantics.	2022-03-30 12:24:59 +01:00
.editorconfig	Add a `.editorconfig` with our chosen formatting options.	2020-06-23 14:38:30 +01:00
.eslintignore	Delete the runner	2022-11-14 16:23:14 +00:00
.eslintrc.json	Enable no cyclic dependencies eslint rule	2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs	Ignore prior commit in git blame	2023-07-25 17:59:56 +02:00
.gitattributes	Refactor PR checks	2021-09-08 13:59:52 +01:00
.gitignore	Delete the runner	2022-11-14 16:23:14 +00:00
.npmrc	Add config file to support npm v8 and v9 simultaneously	2022-11-14 22:15:08 +00:00
CHANGELOG.md	Add changelog note	2023-08-01 17:54:33 +01:00
CODEOWNERS	Update CODEOWNERS	2022-04-12 16:34:35 +02:00
CODE_OF_CONDUCT.md	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
CONTRIBUTING.md	Update npm version	2023-05-25 17:06:08 +01:00
LICENSE	Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)	2020-04-28 17:23:37 +02:00
README.md	Simplify README to recommend default setup and refer to docs	2023-07-28 17:30:34 +01:00
package-lock.json	Install check-disk-space Node package	2023-08-07 15:08:26 +01:00
package.json	Install check-disk-space Node package	2023-08-07 15:08:26 +01:00
tsconfig.json	Upgrade TypeScript to 9.2.0	2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.