Merge main into releases/v3 #2529

Merged
merged 33 commits into from
Oct 7, 2024
6fc72c1
Add basic Rust support for internal testing
Sep 18, 2024
a66a5fe
Bump the npm group with 3 updates
dependabot[bot] Oct 2, 2024
f0c7f1d
Update checked-in dependencies
github-actions[bot] Oct 2, 2024
08bec82
Update default bundle to codeql-bundle-v2.19.1
github-actions[bot] Oct 2, 2024
4beccf7
Add changelog note
github-actions[bot] Oct 2, 2024
868284b
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1
angelapwen Oct 3, 2024
35de01e
Update supported GitHub Enterprise Server versions
github-actions[bot] Oct 3, 2024
15f615c
Add a deprecation warning for CodeQL <=2.14.5
henrymercer Oct 3, 2024
01007b8
Fix new lines in update supported GHES versions PR
henrymercer Oct 3, 2024
955d001
Extract runGitCommand()
cklin Oct 3, 2024
d64cca4
Rename determineMergeBaseCommitOid()
cklin Oct 3, 2024
495ca58
Update changelog and version after v3.26.11
github-actions[bot] Oct 3, 2024
a83506b
Update checked-in dependencies
github-actions[bot] Oct 3, 2024
15649f6
Mergeback v3.26.11 refs/heads/releases/v3 into main (#2523)
angelapwen Oct 3, 2024
8b33300
Merge pull request #2521 from github/cklin/run-git-command
cklin Oct 3, 2024
873c91c
Update README with detailed information
aeisenberg Aug 7, 2024
c768f67
Clean up README
aeisenberg Aug 9, 2024
3b143d4
Update readme
aeisenberg Oct 3, 2024
bed2a47
Update autobuild/action.yml
aeisenberg Oct 4, 2024
76aafb9
Merge pull request #2520 from github/update-supported-enterprise-serv…
henrymercer Oct 4, 2024
6c8758f
Fix changelog note section
henrymercer Oct 4, 2024
215ff9c
Merge pull request #2525 from github/henrymercer/fix-changelog-section
henrymercer Oct 4, 2024
46d955c
Merge pull request #2415 from aeisenberg/aeisenberg/update-readme-1
aeisenberg Oct 4, 2024
057e1ec
Check zstd is on the path in addition to tar version
henrymercer Oct 4, 2024
64871a8
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1
angelapwen Oct 4, 2024
1532671
Update default bundle to 2.19.1 (#2519)
angelapwen Oct 4, 2024
8a56dd2
Update to @actions/core 1.11.1
aeisenberg Oct 4, 2024
7cf65a5
Merge pull request #2518 from github/dependabot/npm_and_yarn/npm-8815…
aeisenberg Oct 4, 2024
56d1975
Merge pull request #2489 from github/redsun82/rust
redsun82 Oct 7, 2024
bf2e624
Update src/tar.ts
henrymercer Oct 7, 2024
d65a176
Rebuild
github-actions[bot] Oct 7, 2024
c9a70ff
Merge pull request #2526 from github/henrymercer/check-zstd-on-path
henrymercer Oct 7, 2024
570aecb
Update changelog for v3.26.12
github-actions[bot] Oct 7, 2024
Update README with detailed information
Update `README.md` to include detailed information about inputs, workflow permissions, build modes, and actions.

* **Inputs**: Add a section on inputs, including the `config` option, `languages`, `queries`, `packs`, `db-location`, `ram`, `threads`, and `source-root`.
* **Workflow Permissions**: Add a section on workflow permissions required for the actions.
* **Build Modes**: Add a section explaining the different build modes available for the actions (`none`, `autobuild`, `manual`).
* **Actions**: Add a section describing the different actions (`init`, `autobuild`, `analyze`, `upload-sarif`, `resolve-environment`, `start-proxy`) and how to use them, with links to the relevant documentation on GitHub.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/github/codeql-action?shareId=XXXX-XXXX-XXXX-XXXX).
aeisenberg committed Oct 3, 2024
commit 873c91c4f7ae92acbff61a600e8c8bf7e58c495d
34 changes: 33 additions & 1 deletion README.md
Expand Up @@ -16,10 +16,42 @@ We recommend using default setup to configure CodeQL analysis for your repositor

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."

### Permissions
### Inputs

The CodeQL Action supports various inputs to customize the analysis. Here are some important inputs:

- `config`: Path of the config file to use. This input allows you to specify a custom configuration file for the analysis.
- `languages`: A comma-separated list of CodeQL languages to analyze.
- `queries`: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
- `packs`: Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not specified, then the latest version of the pack is used. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of packs.
- `db-location`: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
- `ram`: The amount of memory in MB that can be used by CodeQL extractors.
- `threads`: The number of threads that can be used by CodeQL extractors.
- `source-root`: Path of the root source code directory, relative to $GITHUB_WORKSPACE.

### Workflow Permissions

All advanced setup code scanning workflows must have the `security-events: write` permission. Workflows in private repositories must additionally have the `contents: read` permission. For more information, see "[Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)."

### Build Modes

The CodeQL Action supports different build modes for analyzing the source code. The available build modes are:

- `none`: The database will be created without building the source code. Available for all interpreted languages and some compiled languages.
- `autobuild`: The database will be created by attempting to automatically build the source code. Available for all compiled languages.
- `manual`: The database will be created by building the source code using a manually specified build command. To use this build mode, specify manual build steps in your workflow between the `init` and `analyze` steps. Available for all compiled languages.

### Actions

The CodeQL Action includes several actions that can be used in your workflows. Here are the available actions and how to use them:

- `init`: Sets up CodeQL for analysis. For more information, see the [init action documentation](https://github.com/github/codeql-action/blob/main/init/action.yml).
- `autobuild`: Attempts to automatically build the code. For more information, see the [autobuild action documentation](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
- `analyze`: Finalizes the CodeQL database and runs the analysis. For more information, see the [analyze action documentation](https://github.com/github/codeql-action/blob/main/analyze/action.yml).
- `upload-sarif`: Uploads a SARIF file to Code Scanning. For more information, see the [upload-sarif action documentation](https://github.com/github/codeql-action/blob/main/upload-sarif/action.yml).
- `resolve-environment`: Attempts to infer a build environment suitable for automatic builds. For more information, see the [resolve-environment action documentation](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
- `start-proxy`: Starts an HTTP proxy server. For more information, see the [start-proxy action documentation](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).

## Supported versions of the CodeQL Action

The following versions of the CodeQL Action are currently supported:
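
Review bot: The new `### Inputs` list never says which action accepts each input, so a reader cannot tell where `ram`, `threads` or `db-location` belong even though the `### Actions` section further down lists six separate actions; name the owning action on each bullet or move each input under its action. The `### Build Modes` section has the same gap: it describes `none`, `autobuild` and `manual` but does not name the input that selects a mode, and the Inputs list has no entry for one. `### Permissions` appears next to `### Workflow Permissions` with a single deletion in the diffstat, which reads as a heading rename; that changes the generated anchor, so existing links to the old heading will stop resolving unless the old name is kept. The Workflow Permissions paragraph would also be easier to apply correctly if `security-events: write` and `contents: read` were shown as a job-level `permissions:` block rather than only in prose. Smaller points: the `config` bullet says the same thing twice, `$GITHUB_WORKSPACE` in the `source-root` bullet should be in backticks like the other identifiers, and the six "documentation" links all point at `action.yml` files on `main`, which can describe inputs that a workflow pinned to a release does not have.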