The results will be stored in /tmp/express/results/issues.sarif
-
To find a list of installed QL packs in the container:
+
To find a list of QL packs installed in the container:
```
docker run --rm --name codeql-container -e CODEQL_CLI_ARGS="resolve qlpacks" mcr.microsoft.com/cstsectools/codeql-container
```
-
### Basic Usage
-
-
#### Downloading a pre-built container
+
### Downloading a pre-built container
-
We keep updating the docker image periodically and uploading it to the Microsoft Container Registry at: mcr.microsoft.com/codeql/codeql-container.
+
We keep updating the docker image periodically and uploading it to the Microsoft Container Registry at: ```mcr.microsoft.com/codeql/codeql-container```.
The codeQL container executes one codeQL command per invocation. We kept this design decision because it makes it easy for the user to run any codeQL command, and not be bound by the automation scripts inside the container.
-
So, if you want to analyze a particular source directory with the container, you start by running the container as:
+
+
### Building the container from Dockerfile
+
+
Building the container should be pretty straightforward.
The codeQL container executes one codeQL command per invocation. We designed it this way because it makes it easy for the user to run any codeQL command, and not be bound by the automation scripts inside the container.
+
+
The basic example format of the container invocation is as follows:
This argument will create a codeQL db of your project (that you have mapped to the /opt/src folder above) in the /opt/results folder, which maps to /dir/for/results above on your local computer.
+
it will create a codeQL db of your project (in ```/dir/to/analyze```) in the ```/dir/for/results``` folder.
-
> **Note:** If you map your source volume to some other mountpoint other than /opt/src, you will have to make the corresponding changes
+
> **Note:** If you map your source volume to some other mount point other than /opt/src, you will have to make the corresponding changes
> in the `CODEQL_CLI_ARGS`.
There are some additional docker environment flags that you can set/unset to control the execution of the container:
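Review bot: The registry path introduced in the new sentence, ```mcr.microsoft.com/codeql/codeql-container```, does not match the image the `docker run` example above pulls (`mcr.microsoft.com/cstsectools/codeql-container`); settle on one image path and use it in both places, otherwise readers will pull an image that the documented commands never reference. Inline code here, and in "(in ```/dir/to/analyze```) in the ```/dir/for/results``` folder", should use single backticks rather than triple backticks, which are for fenced blocks; that second sentence also starts lowercase ("it will create") and needs a capital. In the note, "some other mount point other than /opt/src" is redundant; "a mount point other than `/opt/src`" is cleaner.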
@@ -85,29 +97,23 @@ For example, if you want to analyze a python project source code placed in `/dir
to analyze and get a SARIF result file, you will have to run:
Analyzing a source directory takes multiple invocations of the container, as mentioned above. To help with that, we've built some scripts for convenience, which does these invocations for you.
These scripts are in the ```scripts``` folder, under their respective platforms (unix or windows).
-
-
##### analyze_security.sh
+
#### analyze_security.sh
scripts/unix/analyze_security.sh (or scripts/windows/analyze_security.bat for windows) runs the Security and Quality QL pack suite on your project. This is how you would run it:
If you know which QL suite you would like to run on the code to be analyzed, use scripts/unix/run_qlpack.sh (or scripts/windows/run_qlpack.bat for windows).
+
#### run_qlpack.sh
+
If you know which QL suite you would like to run on the code, use scripts/unix/run_qlpack.sh (or scripts/windows/run_qlpack.bat for windows).
```
scripts/unix/run_qlpack.sh /path/to/analyze /path/to/results language qlpack
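Review bot: "we've built some scripts for convenience, which does these invocations for you" should read "which do these invocations for you". The `run_qlpack.sh` usage line would be more useful if it stated what values the `language` and `qlpack` positional arguments accept, for example by referring back to the `resolve qlpacks` invocation documented earlier for listing the installed pack names, so a reader does not have to guess the expected form of the pack argument.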