From 9267d8d51e8b42a6a4d4fd944280c2f9cdc5335c Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 11 Feb 2026 19:48:06 +0000 Subject: [PATCH] Add `csra` analysis kind --- lib/analyze-action-post.js | 1 + lib/analyze-action.js | 18 +++++++++++++++++- lib/autobuild-action.js | 1 + lib/init-action-post.js | 1 + lib/init-action.js | 1 + lib/resolve-environment-action.js | 1 + lib/setup-codeql-action.js | 1 + lib/start-proxy-action-post.js | 1 + lib/start-proxy-action.js | 1 + lib/upload-lib.js | 16 +++++++++++++++- lib/upload-sarif-action-post.js | 1 + lib/upload-sarif-action.js | 18 +++++++++++++++++- src/analyses.ts | 20 +++++++++++++++++++- 13 files changed, 77 insertions(+), 4 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index d097d992d..bceaf258f 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161224,6 +161224,7 @@ var path3 = __toESM(require("path")); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c0288403b..ec649abd5 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -106485,6 +106485,7 @@ function fixCodeQualityCategory(logger, category) { var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); 
@@ -106507,15 +106508,30 @@ var CodeQuality = { fixCategory: fixCodeQualityCategory, sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_" }; +var CSRA = { + kind: "csra" /* CSRA */, + name: "csra", + target: "PUT /repos/:owner/:repo/code-scanning/risk-assessment" /* CSRA */, + sarifExtension: ".csra.sarif", + sarifPredicate: (name) => name.endsWith(CSRA.sarifExtension), + fixCategory: fixCodeQualityCategory, + sentinelPrefix: "CODEQL_UPLOAD_CSRA_SARIF_" +}; function getAnalysisConfig(kind) { switch (kind) { case "code-scanning" /* CodeScanning */: return CodeScanning; case "code-quality" /* CodeQuality */: return CodeQuality; + case "csra" /* CSRA */: + return CSRA; } } -var SarifScanOrder = [CodeQuality, CodeScanning]; +var SarifScanOrder = [ + CSRA, + CodeQuality, + CodeScanning +]; // src/analyze.ts var fs12 = __toESM(require("fs")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 416cc2272..9aa58f417 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103629,6 +103629,7 @@ var path4 = __toESM(require("path")); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 44e368f8a..122494401 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164545,6 +164545,7 @@ var path6 = __toESM(require("path")); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/init-action.js b/lib/init-action.js index 8607b2391..1dcae2005 100644 --- a/lib/init-action.js 
+++ b/lib/init-action.js @@ -103833,6 +103833,7 @@ function isAnalyzingPullRequest() { var AnalysisKind = /* @__PURE__ */ ((AnalysisKind3) => { AnalysisKind3["CodeScanning"] = "code-scanning"; AnalysisKind3["CodeQuality"] = "code-quality"; + AnalysisKind3["CSRA"] = "csra"; return AnalysisKind3; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index a84107251..d2c4da143 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103628,6 +103628,7 @@ var path3 = __toESM(require("path")); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index c01ec64f5..ddc06f431 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -104553,6 +104553,7 @@ function wrapCliConfigurationError(cliError) { var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index c29841a85..adccec31b 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js 
@@ -160859,6 +160859,7 @@ var path = __toESM(require("path")); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 072924405..7baced5b4 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -121161,6 +121161,7 @@ var core9 = __toESM(require_core()); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 0fa50e396..4b38eb22d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106141,6 +106141,7 @@ function fixCodeQualityCategory(logger, category) { var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); 
@@ -106162,7 +106163,20 @@ var CodeQuality = { fixCategory: fixCodeQualityCategory, sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_" }; -var SarifScanOrder = [CodeQuality, CodeScanning]; +var CSRA = { + kind: "csra" /* CSRA */, + name: "csra", + target: "PUT /repos/:owner/:repo/code-scanning/risk-assessment" /* CSRA */, + sarifExtension: ".csra.sarif", + sarifPredicate: (name) => name.endsWith(CSRA.sarifExtension), + fixCategory: fixCodeQualityCategory, + sentinelPrefix: "CODEQL_UPLOAD_CSRA_SARIF_" +}; +var SarifScanOrder = [ + CSRA, + CodeQuality, + CodeScanning +]; // src/api-client.ts var core5 = __toESM(require_core()); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index a733e8c04..04f501694 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -160866,6 +160866,7 @@ var io5 = __toESM(require_io()); var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index edc784084..6d33fb587 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106179,6 +106179,7 @@ function fixCodeQualityCategory(logger, category) { var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { AnalysisKind2["CodeScanning"] = "code-scanning"; AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["CSRA"] = "csra"; return AnalysisKind2; })(AnalysisKind || {}); var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); 
@@ -106200,15 +106201,30 @@ var CodeQuality = { fixCategory: fixCodeQualityCategory, sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_" }; +var CSRA = { + kind: "csra" /* CSRA */, + name: "csra", + target: "PUT /repos/:owner/:repo/code-scanning/risk-assessment" /* CSRA */, + sarifExtension: ".csra.sarif", + sarifPredicate: (name) => name.endsWith(CSRA.sarifExtension), + fixCategory: fixCodeQualityCategory, + sentinelPrefix: "CODEQL_UPLOAD_CSRA_SARIF_" +}; function getAnalysisConfig(kind) { switch (kind) { case "code-scanning" /* CodeScanning */: return CodeScanning; case "code-quality" /* CodeQuality */: return CodeQuality; + case "csra" /* CSRA */: + return CSRA; } } -var SarifScanOrder = [CodeQuality, CodeScanning]; +var SarifScanOrder = [ + CSRA, + CodeQuality, + CodeScanning +]; // src/api-client.ts var core5 = __toESM(require_core()); diff --git a/src/analyses.ts b/src/analyses.ts index 4f91ab07c..33aa68f56 100644 --- a/src/analyses.ts +++ b/src/analyses.ts @@ -9,6 +9,7 @@ import { ConfigurationError } from "./util"; export enum AnalysisKind { CodeScanning = "code-scanning", CodeQuality = "code-quality", + CSRA = "csra", } // Exported for testing. A set of all known analysis kinds. @@ -101,6 +102,7 @@ export const codeQualityQueries: string[] = ["code-quality"]; enum SARIF_UPLOAD_ENDPOINT { CODE_SCANNING = "PUT /repos/:owner/:repo/code-scanning/analysis", CODE_QUALITY = "PUT /repos/:owner/:repo/code-quality/analysis", + CSRA = "PUT /repos/:owner/:repo/code-scanning/risk-assessment", } // Represents configurations for different analysis kinds. 
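Review bot: Adding `CSRA = "csra"` to `AnalysisKind` in src/analyses.ts also widens `supportedAnalysisKinds`, which the bundled output in this patch shows is built as `new Set(Object.values(AnalysisKind))`. Any input validation based on that set will accept `csra` as soon as this lands; the validation and its callers are outside the hunk. If the new kind is not yet meant to be selectable by workflow authors, it needs an explicit gate rather than relying on being undocumented. The member is also an unexplained acronym, so a comment above it such as `// Code scanning risk assessment; uploads to the risk-assessment endpoint.` would help, assuming that is what the name stands for.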
@@ -146,6 +148,16 @@ export const CodeQuality: AnalysisConfig = { sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_", }; +export const CSRA: AnalysisConfig = { + kind: AnalysisKind.CSRA, + name: "csra", + target: SARIF_UPLOAD_ENDPOINT.CSRA, + sarifExtension: ".csra.sarif", + sarifPredicate: (name) => name.endsWith(CSRA.sarifExtension), + fixCategory: fixCodeQualityCategory, + sentinelPrefix: "CODEQL_UPLOAD_CSRA_SARIF_", +}; + /** * Gets the `AnalysisConfig` corresponding to `kind`. * @param kind The analysis kind to get the `AnalysisConfig` for. @@ -160,6 +172,8 @@ export function getAnalysisConfig(kind: AnalysisKind): AnalysisConfig { return CodeScanning; case AnalysisKind.CodeQuality: return CodeQuality; + case AnalysisKind.CSRA: + return CSRA; } } @@ -167,4 +181,8 @@ export function getAnalysisConfig(kind: AnalysisKind): AnalysisConfig { // we want to scan a folder containing SARIF files in an order that finds the more // specific extensions first. This constant defines an array in the order of analyis // configurations with more specific extensions to less specific extensions. -export const SarifScanOrder = [CodeQuality, CodeScanning]; +export const SarifScanOrder: AnalysisConfig[] = [ + CSRA, + CodeQuality, + CodeScanning, +];
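Review bot: `fixCategory: fixCodeQualityCategory` in the new `CSRA` config reuses the Code Quality category rewrite for risk-assessment uploads. The function body is outside this hunk, but by its name it adjusts categories for Code Quality, so CSRA results could be tagged with a category meant for a different product. Confirm that this is intended, or give CSRA its own function or a pass-through such as `fixCategory: (_, category) => category`. The object would also benefit from a short doc comment saying what the kind is and which endpoint it uploads to.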
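Review bot: With `CSRA` added to `SarifScanOrder`, correct routing of `.csra.sarif` files depends on `CodeScanning` staying last in the array, since its extension is presumably the plain `.sarif` suffix that the other two also end with. `CodeScanning.sarifPredicate` is outside the hunk; if it only excludes Code Quality files, a risk-assessment SARIF passed to it outside this ordered scan would be treated as a code scanning result and sent to the wrong endpoint. Consider having that predicate also reject names matching `CSRA.sarifPredicate(name)`, and extend the comment above the constant with `// CodeScanning must stay last: its extension is a suffix of the others.`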