github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-05 11:12:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,708 Commits 334 Branches 535 Tags
v4.32.4
Commit Graph

3158 Commits

Author SHA1 Message Date
Michael B. Gale
39ba80c475 Merge pull request #3493 from github/update-bundle/codeql-bundle-v2.24.2 
Update default bundle to 2.24.2
 2026-02-20 11:01:00 +00:00
github-actions[bot]
d97dce6561 Update default bundle to codeql-bundle-v2.24.2 2026-02-20 10:44:31 +00:00
Henry Mercer
f7905e8415 Use new feature flag for repository properties 2026-02-19 18:30:50 +00:00
github-actions[bot]
76cf404c99 Rebuild 2026-02-18 05:01:36 +00:00
Michael B. Gale
64300e453b Merge branch 'main' into mbg/start-proxy/java-env-checks 2026-02-17 16:49:01 +00:00
Michael B. Gale
906dd890a5 Run java to show computed settings 2026-02-17 16:49:00 +00:00
Michael B. Gale
b1b1e44da9 Merge pull request #3474 from github/mbg/risk-assessment-analysis 
Add `csra` analysis kind
 2026-02-17 15:39:05 +00:00
Michael B. Gale
46473e05b7 Add more interesting Java properties 2026-02-17 15:23:21 +00:00
Michael B. Gale
32ab108bfd Move interesting JRE properties out of checkJdkSettings 2026-02-17 15:22:43 +00:00
Michael B. Gale
971592501c Consistently use "\n" to split lines, then trim extra characters if needed 2026-02-17 14:58:40 +00:00
Michael B. Gale
2abec3f0c3 Replace most occurrences of CSRA 2026-02-17 14:55:31 +00:00
Michael B. Gale
11c6c18818 Only run when debugging or test mode is enabled 2026-02-17 13:44:18 +00:00
Michael B. Gale
99fcc7b2a1 Check whether value is a URL in checkEnvVar and clear credentials 
Note also that we run this after `getCredentials` which already instructs Actions to mask credentials that we know about in logs
 2026-02-17 13:42:51 +00:00
Michael B. Gale
4250b466b2 Wrap checkProxyEnvironment call in try/catch for good measure 2026-02-17 13:17:49 +00:00
Michael B. Gale
a3d7d36aa6 Find likely JDK locations and check configurations 2026-02-17 13:17:48 +00:00
Michael B. Gale
33e2dff082 Log information about proxy-related environment variables 2026-02-17 12:38:30 +00:00
Michael B. Gale
bff89dcba4 Add enum for Java-related env var names 2026-02-17 11:37:25 +00:00
Michael B. Gale
f315d82bd7 Rename csra to risk-assessment 2026-02-17 10:52:04 +00:00
Michael B. Gale
ebce69a4b7 Merge pull request #3485 from github/mbg/java/network-debugging 
Add feature to enable Java network debugging
 2026-02-17 10:19:54 +00:00
Michael B. Gale
d1689c9307 Use all 2026-02-17 09:53:49 +00:00
Michael B. Gale
147d1495e4 Merge pull request #3484 from github/mbg/cli/force-nightly 
Add feature for forcing the `nightly` bundle in `dynamic` workflows
 2026-02-16 22:37:31 +00:00
Michael B. Gale
3e37216660 Merge branch 'main' into mbg/java/network-debugging 2026-02-16 22:02:36 +00:00
Michael B. Gale
aee29a19d7 Merge pull request #3473 from github/mbg/start-proxy/cert-gen 
Improve proxy certificate generation
 2026-02-16 17:19:30 +00:00
Michael B. Gale
f8c75d3f32 Change diagnostic level to note 2026-02-16 17:12:12 +00:00
Michael B. Gale
e315c6fd3b Add diagnostic when a nightly release is forced 2026-02-16 09:29:32 +00:00
Michael B. Gale
8b734d3bc2 Improve variable names and comments 
Also set default `GITHUB_EVENT_NAME` in `setupActionsVars`
 2026-02-16 08:54:19 +00:00
Michael B. Gale
e21e4ca93f Add debugging options to JAVA_TOOL_OPTIONS when FF is enabled 2026-02-15 18:12:51 +00:00
Michael B. Gale
595ce2dc3e Add JavaNetworkDebugging feature 2026-02-15 18:04:48 +00:00
Michael B. Gale
d5f0374a1f Force nightly bundle when FF is enabled 2026-02-15 17:22:20 +00:00
Michael B. Gale
34d43db4c6 Add ForceNightly feature 2026-02-15 16:10:53 +00:00
github-actions[bot]
6bddc7956d Rebuild 2026-02-13 12:01:09 +00:00
Michael B. Gale
9835994414 CSRA category does not need to be adjusted 2026-02-12 20:16:22 +00:00
Michael B. Gale
0ce6420f8e Validate CODEQL_ACTION_CSRA_ASSESSMENT_ID value 2026-02-12 20:15:18 +00:00
Henry Mercer
876cecb383 Avoid requesting features in CCR 2026-02-12 16:53:19 +00:00
Henry Mercer
43b46a19be Retry API authentication errors since these can be transient 2026-02-12 16:19:04 +00:00
Michael B. Gale
4edc7d2e82 Merge pull request #3467 from github/dependabot/npm_and_yarn/npm-minor-5707d09364 
Bump the npm-minor group with 2 updates
 2026-02-12 13:33:11 +00:00
Michael B. Gale
2adcb6464e Add BasePayload type and derive AssessmentPayload from it 2026-02-12 00:13:22 +00:00
Michael B. Gale
da67096c6f Change assessment_id to be a number 2026-02-12 00:10:42 +00:00
Michael B. Gale
c48cd247df Add assessment_id to CSRA payload 2026-02-11 23:56:52 +00:00
Michael B. Gale
0cfcceb4b8 Add transformPayload to AnalysisConfig 2026-02-11 23:56:51 +00:00
Michael B. Gale
6a17f4e258 Update getPrimaryAnalysis* and add test 2026-02-11 22:46:24 +00:00
Michael B. Gale
8cc4d2539b Remove redundant analysis kind check 2026-02-11 22:14:39 +00:00
Michael B. Gale
5132eb53f2 Fix CodeScanning config's sarifPredicate and add test 2026-02-11 22:10:55 +00:00
Michael B. Gale
5b3261bcbf Enforce that only compatible kinds can be enabled concurrently 2026-02-11 20:14:37 +00:00
Michael B. Gale
9267d8d51e Add csra analysis kind 2026-02-11 19:48:06 +00:00
Michael B. Gale
b1d963ed8f Gate updated cert gen behind FF 2026-02-11 19:23:10 +00:00
Michael B. Gale
d636fb3f63 Move certificate code to its own file 2026-02-11 19:23:09 +00:00
Michael B. Gale
d155ebf27f Set more extensions 2026-02-11 19:23:09 +00:00
Michael B. Gale
e8f0116911 Explicitly sign certificate with SHA256 2026-02-11 19:23:09 +00:00
Michael B. Gale
713a293090 Set keyUsage 2026-02-11 19:23:08 +00:00