Actions for running CodeQL analysis
Перейти к файлу
Henry Mercer fa98ec0c7a Remove CliConfigFileEnabled feature flag 2024-01-04 14:39:36 +00:00
.github Merge pull request #2009 from github/henrymercer/drop-codeql-v2.11.5 2024-01-04 13:27:31 +00:00
.vscode VSCode settings: set default formatter for TS 2023-10-27 17:21:58 +01:00
analyze remove dedundant single quotes from node version strings 2023-12-13 11:38:14 +00:00
autobuild remove dedundant single quotes from node version strings 2023-12-13 11:38:14 +00:00
init remove dedundant single quotes from node version strings 2023-12-13 11:38:14 +00:00
lib Remove CliConfigFileEnabled feature flag 2024-01-04 14:39:36 +00:00
node_modules Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
pr-checks Merge pull request #2009 from github/henrymercer/drop-codeql-v2.11.5 2024-01-04 13:27:31 +00:00
python-setup Bump urllib3 in /python-setup/tests/poetry/python-3.8 (#1957) 2023-10-17 15:34:08 -07:00
queries Add `RUNNER_ENVIRONMENT` to the list of known default setup variables 2023-09-20 14:08:00 +02:00
resolve-environment remove dedundant single quotes from node version strings 2023-12-13 11:38:14 +00:00
src Remove CliConfigFileEnabled feature flag 2024-01-04 14:39:36 +00:00
tests C++: add deptrace pr-checks 2023-10-23 10:57:55 +02:00
upload-sarif remove dedundant single quotes from node version strings 2023-12-13 11:38:14 +00:00
.editorconfig Add a `.editorconfig` with our chosen formatting options. 2020-06-23 14:38:30 +01:00
.eslintignore Delete the runner 2022-11-14 16:23:14 +00:00
.eslintrc.json Enable no cyclic dependencies eslint rule 2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs Ignore prior commit in git blame 2023-07-25 17:59:56 +02:00
.gitattributes Refactor PR checks 2021-09-08 13:59:52 +01:00
.gitignore Delete the runner 2022-11-14 16:23:14 +00:00
.npmrc Add config file to support npm v8 and v9 simultaneously 2022-11-14 22:15:08 +00:00
.pre-commit-config.yaml Add pre-commit configuration 2023-10-26 11:03:40 +02:00
CHANGELOG.md Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
CODEOWNERS Update CODEOWNERS 2022-04-12 16:34:35 +02:00
CODE_OF_CONDUCT.md Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
CONTRIBUTING.md add note about backporting check changes to v2 branch 2023-12-20 20:00:52 +00:00
LICENSE Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
README.md Add announcement on Node 16 deprecation (#1960) 2023-10-18 23:00:03 +00:00
package-lock.json Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
package.json Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
tsconfig.json Upgrade TypeScript to 9.2.0 2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

📢 Node 16 deprecation, upcoming CodeQL Action v3 📢

Announcement for users of this Action and code scanning workflows on GitHub.com:

  • You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
  • All code scanning workflows should continue to succeed regardless of the warning.
  • The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.

For more information, and to communicate with the maintaining team, please use this issue.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing your advanced setup for code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.