jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 11:54:18 -05:00
Code Issues Projects Releases Wiki Activity

Deprecate 3.12 (#55505)

Browse Source 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
This commit is contained in:
Kevin Heis
2025-05-06 11:25:53 -07:00
committed by GitHub
parent d6dfa5c6e3
commit 1cd5e13652
166 changed files with 134 additions and 929425 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md
View File

@@ -255,12 +255,8 @@ If your codebase depends on a library or framework that is not recognized by the
{% data reusables.code-scanning.beta-model-packs %}
{% ifversion codeql-threat-models %}
### Using {% data variables.product.prodname_codeql %} model packs
{% endif %}
To add one or more published {% data variables.product.prodname_codeql %} model packs, specify them inside the `with: packs:` entry within the `uses: {% data reusables.actions.action-codeql-action-init %}` section of the workflow. Within `packs` you specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that are not publicly available, you need to set the `GITHUB_TOKEN` environment variable to a secret that has access to the packages. For more information, see [AUTOTITLE](/actions/security-guides/automatic-token-authentication) and [AUTOTITLE](/actions/security-guides/encrypted-secrets).
``` yaml copy
@@ -440,16 +436,12 @@ packs:
{% endraw %}
{% ifversion codeql-threat-models %}
### Extending {% data variables.product.prodname_codeql %} coverage with threat models
{% data reusables.code-scanning.beta-threat-models %}
The default threat model includes remote sources of untrusted data. You can extend the {% data variables.product.prodname_codeql %} threat model to include local sources of untrusted data (for example: command-line arguments, environment variables, file systems, and databases) by specifying `threat-models: local` in a custom configuration file. If you extend the threat model, the default threat model will also be used.
{% endif %}
### Specifying additional queries
You specify additional queries in a `queries` array. Each element of the array contains a `uses` parameter with a value that identifies a single query file, a directory containing query files, or a query suite definition file.