mirror of synced 2026-01-05 21:04:17 -05:00

Merge pull request #25484 from github/repo-sync

repo sync
Octomerger Bot
2023-05-10 04:38:53 -04:00
committed by GitHub
2 changed files with 49 additions and 1 deletions


@@ -388,7 +388,7 @@ You can also specify query suites in the value of `queries`. Query suites are co
``` yaml{:copy}
- uses: {% data reusables.actions.action-codeql-action-init %}
with:
# Comma-separated list of queries / packs / suites to run.
# Comma-separated list of queries / packs / suites to run.
# This may include paths or a built in suite, for example:
# security-extended or security-and-quality.
queries: security-extended
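Review bot: The only changed line in this hunk, the `# Comma-separated list of queries / packs / suites to run.` comment, reads identically in its old and new form here, so the change appears to be whitespace-only. Please confirm the new indentation matches the two comment lines that follow it and the `queries:` key under `with:`, since this is a copyable YAML sample and a comment indented differently from its siblings is easy to paste wrong.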
@@ -571,6 +571,48 @@ You can quickly analyze small portions of a monorepo when you modify code in spe
{% data reusables.code-scanning.example-configuration-files %}
{% ifversion code-scanning-config-input %}
## Specifying configuration details using the `config` input
If you'd prefer to specify additional configuration details in the workflow file, you can use the `config` input of the `init` command of the {% data variables.product.prodname_codeql %} action. The value of this input must be a YAML string that follows the configuration file format documented at "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#using-a-custom-configuration-file)" above.
### Example configuration
This step in a {% data variables.product.prodname_actions %} workflow file uses a `config` input to disable the default queries, add the `security-extended` query suite, and exclude queries that are tagged with `cwe-020`.
```yaml
- uses: {% data reusables.actions.action-codeql-action-init %}
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
config: |
disable-default-queries: true
queries:
- uses: security-extended
query-filters:
- exclude:
tags: /cwe-020/
```
You can use the same approach to specify any valid configuration options in the workflow file.
{% tip %}
**Tip:**
You can share one configuration across multiple repositories using {% data variables.product.prodname_actions %} variables. One benefit of this approach is that you can update the configuration in a single place without editing the workflow file.
In the following example, `vars.CODEQL_CONF` is a {% data variables.product.prodname_actions %} variable. Its value can be the contents of any valid configuration file. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows)."
```yaml
- uses: {% data reusables.actions.action-codeql-action-init %}
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
config: {% raw %}${{ vars.CODEQL_CONF }}{% endraw %}
```
{% endtip %}
{% endif %}
## Configuring {% data variables.product.prodname_code_scanning %} for compiled languages
{% data reusables.code-scanning.autobuild-compiled-languages %} {% data reusables.code-scanning.analyze-go %}
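Review bot: The tip at the end of this hunk recommends `config: ${{ vars.CODEQL_CONF }}` and lists "update the configuration in a single place without editing the workflow file" as a benefit, but it does not mention that this moves control of the analysis out of the reviewed workflow file. The example just above it shows that a `config` value can set `disable-default-queries: true` and `exclude` queries by tag, so whoever can edit the variable can narrow scanning in every repository that references it. Suggest adding a sentence to the tip telling readers to restrict who can edit that variable. Separately, the new section does not say what happens when a workflow supplies both the `config` input and a custom configuration file, and the first paragraph's link is followed by a redundant "above".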


@@ -0,0 +1,6 @@
# Versions that support the `config` input in the `github/codeql-action/init@v2`` action
versions:
fpt: '*'
ghec: '*'
ghes: '>3.9'
ghae: '>3.9'
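Review bot: The comment on the first line of this new file ends with two backticks after `github/codeql-action/init@v2`, which leaves the inline code span unbalanced; drop the extra backtick. Also confirm that `ghes: '>3.9'` and `ghae: '>3.9'` are meant to exclude 3.9 itself, since the section in the other file is gated on this version flag and will be hidden for 3.9 readers.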