GitHub CLI CodeQL Scan Extension: a `gh` extension that wraps the CodeQL CLI so users can create databases, run query suites and upload results without driving CodeQL directly.
This installs CodeQL and this scan tool:
gh extensions install github/gh-codeql
gh extensions install advanced-security/gh-codeql-scan
gh codeql-scan --help
A couple of tips and tricks:
# Create an alias to make things even easier
alias codeql-scan="gh codeql-scan"
The extension runs the whole CodeQL pipeline (database creation, analysis, upload) by default, or a single stage in one of the modes below.
# End-to-end analysis and upload results
gh codeql-scan
# `init` mode: Create only the CodeQL database
gh codeql-scan init --auto-detect
# or manually set language
gh codeql-scan init -l=java
# Compiled languages - pass in the build command; the build runs under CodeQL tracing and the scan continues end-to-end
gh codeql-scan -c "mvn build ..."
# Compiled languages - complicated build process using indirect build tracing:
# run `init` first, then the build steps as you normally would, then `analyze`
gh codeql-scan init
echo "password=$password" > settings.xml
mvn build --random-custom=flags
gh codeql-scan analyze
# `analyze` mode: Run query-suites on an existing database (auto-detects databases)
gh codeql-scan analyze
# `upload` mode: Upload all SARIF files to code scanning (the gh token in use must be allowed to write code scanning alerts, i.e. the `security_events` scope)
gh codeql-scan upload
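The modes above compose into a per-repository workflow: detect the language, decide whether a traced build is needed, then run `init`, `analyze` and `upload`, or a single end-to-end `-c` run. The wrapper below is an added example and is not part of gh-codeql-scan; the build-file heuristic in `detect_language`, the `needs_build` list and the `DRY_RUN` switch (which prints the command line instead of executing it) are this script's own assumptions. It only invokes the flags shown on this page.

```shell
#!/bin/sh
# Added example, not part of gh-codeql-scan: pick the scan mode for a
# checked-out repository and run the README's init -> analyze -> upload
# sequence. detect_language(), needs_build() and DRY_RUN are assumptions of
# this wrapper, not features of the extension.
set -eu

# Guess the CodeQL language from common build files (assumption: a small
# heuristic; anything else falls back to `gh codeql-scan init --auto-detect`).
detect_language() {
  dir="${1:-.}"
  if [ -f "$dir/pom.xml" ] || [ -f "$dir/build.gradle" ] || [ -f "$dir/build.gradle.kts" ]; then
    echo java
  elif [ -f "$dir/go.mod" ]; then
    echo go
  elif [ -f "$dir/package.json" ]; then
    echo javascript
  elif [ -f "$dir/pyproject.toml" ] || [ -f "$dir/requirements.txt" ] || [ -f "$dir/setup.py" ]; then
    echo python
  else
    echo unknown
  fi
}

# Compiled languages need a traced build; interpreted ones are extracted directly.
needs_build() {
  case "$1" in
    java|go|cpp|csharp|swift) return 0 ;;
    *) return 1 ;;
  esac
}

# Execute a command, or with DRY_RUN=1 print it (arguments joined by spaces).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# scan_repo DIR [BUILD_CMD]
#   compiled language -> one end-to-end run with the build command (-c)
#   interpreted       -> init -l=<lang>, analyze, upload
#   unknown           -> init --auto-detect, analyze, upload
# Returns 2 when a compiled language is detected but no build command was
# given, so an empty database is never analysed or uploaded.
scan_repo() {
  dir="$1"
  build_cmd="${2:-}"
  lang="$(detect_language "$dir")"
  if needs_build "$lang"; then
    if [ -z "$build_cmd" ]; then
      echo "scan_repo: $lang needs a build command, e.g. scan_repo $dir 'mvn -B package'" >&2
      return 2
    fi
    run gh codeql-scan -c "$build_cmd"
    return 0
  fi
  if [ "$lang" = unknown ]; then
    run gh codeql-scan init --auto-detect
  else
    run gh codeql-scan init "-l=$lang"
  fi
  run gh codeql-scan analyze
  run gh codeql-scan upload
}
```

Run it as `scan_repo . 'mvn -B package'` from a Java checkout, or `DRY_RUN=1 scan_repo .` to see which `gh codeql-scan` invocations it would make before letting it touch the repository. For builds that are not a single command, skip the wrapper and use the indirect build tracing sequence above instead.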
This project is licensed under the terms of the MIT open source license. Please refer to the MIT license file in the repository for the full terms.
- @GeekMasher
Support is via GitHub Issues