mirror of synced 2025-12-19 18:10:59 -05:00

Code scanning default setup is available for all CodeQL supported languages **excluding Swift** (#38182)

Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Dorothy Mitchell <dorothymitchell@github.com>
Ben Ahmady
2023-06-29 13:19:13 +01:00
committed by GitHub
parent 79640c9ecc
commit 570fdaf56f
4 changed files with 43 additions and 4 deletions

@@ -49,6 +49,17 @@ You can use the organization settings page for "Code security and analysis" to e
A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.
{% ifversion code-scanning-without-workflow-310 %}
- {% data variables.product.prodname_code_scanning_caps %} is not already enabled.
- {% data variables.product.prodname_actions %} are enabled.
- Uses {% ifversion code-scanning-default-setup-go %} Go, {% endif %}JavaScript/TypeScript, Python, or Ruby.{% ifversion fpt %}
- Publicly visible.{%- elsif ghec %}
- Publicly visible, or {% data variables.product.prodname_GH_advanced_security %} is enabled.{%- elsif ghes or ghae %}
- {% data variables.product.prodname_GH_advanced_security %} is enabled.{% endif %}
{% else %}
- {% data variables.product.prodname_code_scanning_caps %} is not already enabled.
- {% data variables.product.prodname_actions %} are enabled.
- Uses {% ifversion code-scanning-default-setup-go %} Go, {% endif %}JavaScript/TypeScript, Python, or Ruby.
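Review bot: In the `code-scanning-without-workflow-310` branch the language bullet still reads "Uses Go, JavaScript/TypeScript, Python, or Ruby", identical to the `{% else %}` branch, while the commit subject says default setup is available for all CodeQL-supported languages excluding Swift and the `code-scanning-without-workflow-310` text in the `@@ -60,7 +60,29 @@` hunk says "contains any ... language ... except for Swift". If organization-level enablement is intentionally narrower, state that here; otherwise update this bullet. As written the two branches differ only in how the visibility bullets are laid out, so the three shared bullets could sit outside the conditional.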
@@ -57,6 +68,8 @@ A repository must meet all the following criteria to be eligible for default set
{%- elsif ghec %}Publicly visible, or {% data variables.product.prodname_GH_advanced_security %} is enabled.
{%- elsif ghes or ghae %}{% data variables.product.prodname_GH_advanced_security %} is enabled.{% endif %}
{% endif %}
{% data reusables.code-scanning.limitation-org-enable-all %}
For more information about default setup, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)." For information on editing security and analysis settings for an organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."

@@ -60,7 +60,29 @@ Enterprise owners, organization and repository administrators can add self-hoste
The default setup for {% data variables.product.prodname_code_scanning %} will automatically configure {% data variables.product.prodname_code_scanning %} with the best settings for your repository. Default setup uses {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_codeql %} analysis without requiring you to commit a workflow file to your repository.
Your repository is eligible for default setup if it uses {% data variables.product.prodname_actions %} and contains only the following {% data variables.product.prodname_codeql %}-supported languages:{% ifversion code-scanning-default-setup-go %} Go, {% endif %}JavaScript/TypeScript, Python, or Ruby. While you can use default setup if your repository includes languages that aren't supported by CodeQL, such as R, you must use the advanced setup if you include {% data variables.product.prodname_codeql %}-supported languages other than those previously listed. For more information on {% data variables.product.prodname_codeql %}-supported languages, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql)."{% ifversion org-enable-code-scanning %} For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)."{% endif %}
{% ifversion code-scanning-without-workflow-310 %}
Your repository is eligible for default setup if it uses {% data variables.product.prodname_actions %} and contains any {% data variables.product.prodname_codeql %}-supported language{% ifversion codeql-swift-beta %} except for Swift. If your repository contains Swift, it must also contain at least one other {% data variables.product.prodname_codeql %}-supported language to be eligible for default setup. If you would like to analyze Swift code, you must use an advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#creating-an-advanced-setup)."{% endif %}
You can use default setup if your repository includes languages that aren't supported by {% data variables.product.prodname_codeql %}, such as R. For more information on {% data variables.product.prodname_codeql %}-supported languages, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql)."{% ifversion org-enable-code-scanning %} For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)."{% endif %}
{% data reusables.code-scanning.default-setup-automatic %}
{% ifversion code-scanning-without-workflow-310 %}
{% note %}
**Note:** If your repository contains _only_ {% data variables.product.prodname_codeql %}-supported compiled languages (for example, Java), then you will be taken to the configuration page to select the languages you want to add to your default setup configuration.
{% endnote %}
{% endif %}
{% else %}
Your repository is eligible for default setup if it uses {% data variables.product.prodname_actions %} and contains only the following {% data variables.product.prodname_codeql %}-supported languages:{% ifversion code-scanning-default-setup-go %} Go,{% endif %} JavaScript/TypeScript, Python, or Ruby. While you can use default setup if your repository includes languages that aren't supported by {% data variables.product.prodname_codeql %}, such as R, you must use the advanced setup if you include {% data variables.product.prodname_codeql %}-supported languages other than those previously listed. For more information on {% data variables.product.prodname_codeql %}-supported languages, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql)."{% ifversion org-enable-code-scanning %} For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)."{% endif %}
{% endif %}
{% data reusables.code-scanning.default-setup-automatic %}
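Review bot: In the `code-scanning-without-workflow-310` branch, the sentence "contains any ... language" only receives its full stop inside `{% ifversion codeql-swift-beta %}`, so where that flag is off it renders without a terminator; keep " except for Swift" inside the conditional, put the period outside it, and give the Swift-only sentences their own conditional. Separately, `{% data reusables.code-scanning.default-setup-automatic %}` appears inside this branch and again after the final `{% endif %}`, so it would render twice on these versions, and the inner `{% ifversion code-scanning-without-workflow-310 %}` around the note is redundant because it is already nested in the same condition.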

@@ -38,9 +38,13 @@ topics:
{% data reusables.code-scanning.autobuild-compiled-languages %}
{% ifversion code-scanning-without-workflow %}
{% ifversion code-scanning-without-workflow-310 %}
For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can use the default setup, which analyzes your code and automatically configures your {% data variables.product.prodname_code_scanning %}, or the advanced setup, which generates a workflow file you can edit. Currently, the default setup does not support any compiled languages, so you must use the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#creating-an-advanced-setup)."
For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can use the default setup, which analyzes your code and automatically configures your {% data variables.product.prodname_code_scanning %}, or the advanced setup, which generates a workflow file you can edit. The default setup can analyze all compiled languages supported by {% data variables.product.prodname_codeql %}{% ifversion codeql-swift-beta %} except for Swift, for which you must use the advanced setup{% endif %}. For more information about the advanced setup, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#creating-an-advanced-setup)."
{% elsif code-scanning-without-workflow %}
For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can use the default setup, which analyzes your code and automatically configures your {% data variables.product.prodname_code_scanning %}, or the advanced setup, which generates a workflow file you can edit. The default setup does not support any compiled languages, so you must use the advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#creating-an-advanced-setup)."
{% else %}
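Review bot: The `code-scanning-without-workflow-310` paragraph and the `{% elsif code-scanning-without-workflow %}` paragraph repeat the same opening sentence and the same advanced-setup link and differ only in the middle sentence about compiled languages; wrap just that sentence in the version conditional so the shared text cannot drift. The link lead-in already differs between the two ("For more information about the advanced setup" versus "For more information"), which looks unintended.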

@@ -1,5 +1,5 @@
{% ifversion code-scanning-default-setup-automatic-311 %}
If the code in a repository changes to include {% ifversion code-scanning-default-setup-go %}Go, {% endif %}JavaScript/TypeScript, Python, or Ruby, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so that the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
If the code in a repository changes to include {% ifversion code-scanning-default-setup-go %}Go, {% endif %}JavaScript/TypeScript, Python, or Ruby, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so that the repository does not lose {% data variables.product.prodname_code_scanning %} coverage. Compiled languages are not automatically included in the default setup configuration because they often require more advanced configuration, but you can manually add any {% data variables.product.prodname_codeql %}-supported compiled language{% ifversion codeql-swift-beta %} other than Swift{% endif %} to your default setup configuration.
{% endif %}
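Review bot: The final sentence, "Compiled languages are not automatically included in the default setup configuration", conflicts with the first sentence of the same paragraph when `code-scanning-default-setup-go` is on, because Go is a compiled language and is listed among the languages that are added automatically. Reword to something like "Other compiled languages are not automatically included ..." or name the languages that have to be added manually.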