Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork1.5k
Add CodeQL workflow#368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Open
jorgectf wants to merge1 commit intobudtmo:masterChoose a base branch
base:master
Could not load branches
Branch not found:{{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline, and old review comments may become outdated.
Open
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
fa5f105 toc0368d3CompareSign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello fromGitHub Security Lab!
Your repository is critical to the security of the Open Source Software (OSS) ecosystem, and as part of our mission to make OSS safer, we are contributing aCodeQL configuration for code scanning to your repository. By enabling code scanning with CodeQL, you will be able to continuously analyze your code and surface potential vulnerabilitiesbefore they can even reach your codebase.
We’ve tested the configuration manually before opening this pull request and adjusted it to the needs of your particular repository, but feel free to tweak it further! Check this page for detailed documentation.
Questions? Check out the FAQ below!
FAQ
Click here to expand the FAQ section
How often will the code scanning analysis run?
By default, code scanning will trigger a scan with the CodeQL engine on the following events:
What will this cost?
Nothing! The CodeQL engine will run inside GitHub Actions, making use of yourunlimited free compute minutes for public repositories.
Where can I see the results of the analysis?
The results of the analysis will be available on theSecurity tab of your repository. You can find more information about the resultshere.
For Pull Requests, you can find the results of the analysis in theChecks tab. You can find more information about the Pull Request resultshere.
What types of problems does CodeQL find?
CodeQL queries are hosted in the
github/codeqlrepository.By default, code scanning runs the
defaultquery suite. The queries in thedefaultquery suite are highly precise and return few false positive code scanning results.If you are looking for a more comprehensive analysis, which could return a greater number of false positives, you can enable the
security-extendedquery suite in thequeriesoption ofgithub/codeql-action/init.In the event of finding a false positive, please create afalse positive Issue in
github/codeqlso we can investigate and improve the query in question. You can also contribute to the query by opening a pull request againstgithub/codeql.How do I customize the analysis?
You can customize the analysis by using a CodeQL configuration file. This way, you can specify which queries should [not] be run, and/or which files should be excluded from the analysis. You can find more information about the configuration filehere.
How do I upgrade my CodeQL engine?
No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.
The analysis doesn’t seem to be working
If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, pleasefollow the instructions here to debug the analysis.
Which source code hosting platforms does code scanning support?
GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.