- codeql - How does the autobuild step work in Github Advanced Security . . .
The CodeQL analysis is not limited to just the projects that were built in the current pipeline run. It analyzes the entire codebase in the repository. Therefore, if there are issues in the other .NET projects in your repository, they will be flagged by the CodeQL analysis. Please refer to the official doc Code Scanning for more details.
- CodeQL in Github not showing found issues for custom queries
I am running CodeQL inside a private organization with advanced security enabled. It is working well for default queries. The queries security-extended and security-and-quality are executed, result
- Enable Disable CodeQL code scanning for a repo using Github Rest API . . .
However, if you have already set up CodeQL code scanning manually, you could maybe use the REST API endpoints for disabling and enabling the already existing code scanning workflow. Disabling CodeQL code scanning (through the REST API) seems like a rather uncommon use case. Could you explain your use case a bit more in detail?
- CodeQL analyzer not working - Stack Overflow
Find an example repo here: ghas-demo designed for GitHub workflows. However, it also applies to Azure DevOps. Just import the repo to DevOps, then create a YAML pipeline by following the steps mentioned in Configure GitHub Advanced Security for Azure DevOps. For example: pool: vmImage: ubuntu-latest steps: - task: AdvancedSecurity-Codeql-Init@1 inputs: languages: 'java' - task: AdvancedSecurity
- Custom CodeQL query in Azure DevOps in yaml pipeline gives error: No . . .
The task AdvancedSecurity-Codeql-Init@1 points to a codeqlconfig yaml file, and in this file I point to a simple todo codeql query. This is afaik how it has to be done according to the documentation I have read, e.g.: Analysis with custom queries. I once wrote the wrong path the codeql query
- Inline suppressing of warnings with Github CodeQL
CodeQL reports some true and some false positives for a specific rule. Is there a way to mark a Python code line so that the check is ignored by CodeQL? Similar, for example, to # noqa for Python flak
- Codeql failing to scan github repository storing only java code
Now as I'm trying to scan this by codeql, it was trying to autobuild it without success. After investigating it online I understood that only specific type of projects can work with autobuild, hence I went back to Eclipse and converted my project to maven
- Is there a way to exclude files from CodeQL scanning on GitHub