github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-04 12:50:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,701 Commits 342 Branches 541 Tags
ba2492c5082881bc2f523cf3f93a879946731961
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Henning Makholm ba2492c508 pass CODEQL_FEATURE_RAM_2023 to the CLI 
This prepares for an upcoming change in how the `--ram` argument to
the CLI is interpreted.

The CLI will interpret _either_ this feature flag _or_ an Action
version of 2.22.10 or earlier as a sign that it would fall back to
the current interpretation of `--ram`.

Later in the future, the Action can start using a less conservative
calculation of `--ram` (when it detect the CLI is sufficiently new
CLIs) and signal that to the CLI by _not_ passing
`CODEQL_FEATURE_RAM_2023` anyway.

That way we can avoid wrong RAM settings caused by mismatched CLI and
Actions versions.
2023-12-11 18:29:36 +01:00
.github
update workflows to run on all release branches
2023-12-06 15:57:43 +00:00
.vscode
VSCode settings: set default formatter for TS
2023-10-27 17:21:58 +01:00
analyze
Add output for analyze action output path
2023-07-25 16:03:16 -04:00
autobuild
C++: simplify CppDependencyInstallation interface
2023-09-20 14:05:12 +02:00
init
Improve description of codeql-action/init languages input (#1919)
2023-10-04 12:01:23 -07:00
lib
Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4
2023-12-07 06:34:56 -08:00
node_modules
Update checked-in dependencies
2023-12-07 11:37:26 +00:00
pr-checks
update workflows to run on all release branches
2023-12-06 15:57:43 +00:00
python-setup
Bump urllib3 in /python-setup/tests/poetry/python-3.8 (#1957)
2023-10-17 15:34:08 -07:00
queries
Add RUNNER_ENVIRONMENT to the list of known default setup variables
2023-09-20 14:08:00 +02:00
resolve-environment
Update working-directory description
2023-06-13 20:46:00 +01:00
src
pass CODEQL_FEATURE_RAM_2023 to the CLI
2023-12-11 18:29:36 +01:00
tests
C++: add deptrace pr-checks
2023-10-23 10:57:55 +02:00
upload-sarif
Re-enable waiting for processing by default, using the new API semantics.
2022-03-30 12:24:59 +01:00
.editorconfig
Add a .editorconfig with our chosen formatting options.
2020-06-23 14:38:30 +01:00
.eslintignore
Delete the runner
2022-11-14 16:23:14 +00:00
.eslintrc.json
Enable no cyclic dependencies eslint rule
2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs
Ignore prior commit in git blame
2023-07-25 17:59:56 +02:00
.gitattributes
Refactor PR checks
2021-09-08 13:59:52 +01:00
.gitignore
Delete the runner
2022-11-14 16:23:14 +00:00
.npmrc
Add config file to support npm v8 and v9 simultaneously
2022-11-14 22:15:08 +00:00
.pre-commit-config.yaml
Add pre-commit configuration
2023-10-26 11:03:40 +02:00
CHANGELOG.md
Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4
2023-12-07 06:34:56 -08:00
CODE_OF_CONDUCT.md
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
2020-04-28 17:23:37 +02:00
CODEOWNERS
Update CODEOWNERS
2022-04-12 16:34:35 +02:00
CONTRIBUTING.md
Apply suggestions from code review
2023-12-06 11:40:07 +00:00
LICENSE
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
2020-04-28 17:23:37 +02:00
package-lock.json
Update changelog and version after v2.22.9
2023-12-07 11:33:23 +00:00
package.json
Update changelog and version after v2.22.9
2023-12-07 11:33:23 +00:00
README.md
Add announcement on Node 16 deprecation (#1960)
2023-10-18 23:00:03 +00:00
tsconfig.json
Upgrade TypeScript to 9.2.0
2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

📢 Node 16 deprecation, upcoming CodeQL Action v3 📢

Announcement for users of this Action and code scanning workflows on GitHub.com:

  • You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
  • All code scanning workflows should continue to succeed regardless of the warning.
  • The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.

For more information, and to communicate with the maintaining team, please use this issue.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing your advanced setup for code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.

Reference in New Issue View Git Blame Copy Permalink
S
Description
No description provided
actionsadvanced-securitycicode-scanningcodeqlsemmle-ql
Readme MIT 407 MiB
Languages
TypeScript 95.8%
Python 1.8%
CodeQL 1.2%
JavaScript 0.7%
Shell 0.3%