mirror of synced 2025-12-20 10:28:40 -05:00

[DSP, already shipped] Code scanning: Small update for change from head to merge commit for attribution (#16169)

* Small update for change from head to merge commit for attribution

* Simplify the sentence about when codescan is run against PRs

Whether it does attribution using a comparison of the HEAD commit
or a merge into a temporary copy of the default branch
is too much information here.
This commit is contained in:
hubwriter
2020-10-26 14:47:27 +00:00
committed by GitHub
parent a4bc1a6d7c
commit 6487712b15


@@ -48,7 +48,7 @@ By default, the {% data variables.product.prodname_codeql_workflow %} uses the `
#### Scanning pull requests
The default {% data variables.product.prodname_codeql_workflow %} uses the `pull_request` event to trigger a code scan on the `HEAD` commit of a pull request against the default branch. {% if currentVersion ver_gt "enterprise-server@2.21" %}The `pull_request` event is not triggered if the pull request was opened from a private fork.{% else %}If a pull request is from a private fork, the `pull_request` event will only be triggered if you've selected the "Run workflows from fork pull requests" option in the repository settings. For more information, see "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks)."{% endif %}
The default {% data variables.product.prodname_codeql_workflow %} uses the `pull_request` event to trigger a code scan on pull requests targeted against the default branch. {% if currentVersion ver_gt "enterprise-server@2.21" %}The `pull_request` event is not triggered if the pull request was opened from a private fork.{% else %}If a pull request is from a private fork, the `pull_request` event will only be triggered if you've selected the "Run workflows from fork pull requests" option in the repository settings. For more information, see "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks)."{% endif %}
For more information about the `pull_request` event, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags)."
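Review bot: The rewritten sentence under "Scanning pull requests" no longer says which commit is analyzed, while the later hunks of this same change drop `fetch-depth: 2` and `git checkout HEAD^2` from the example workflow. Readers who copied the earlier example get no signal that those steps are now obsolete, so consider one sentence here telling them to remove both. Separately, "pull requests targeted against the default branch" would read more naturally as "pull requests that target the default branch".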
@@ -150,8 +150,6 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Set up Python
uses: actions/setup-python@v2
with:
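Review bot: Dropping `with:` and `fetch-depth: 2` from the "Checkout repository" step is only correct together with the removal of `git checkout HEAD^2` in the next hunk, since that step depends on the parent commits having been fetched. Nothing in the example or its surrounding text says the two belong together, so a reader updating an existing workflow may remove one and keep the other. Suggest stating that both are removed as a pair.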
@@ -165,8 +163,6 @@ jobs:
# Set the `CODEQL-PYTHON` environment variable to the Python executable
# that includes the dependencies
echo "::set-env name=CODEQL_PYTHON::$(which python)"
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
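Review bot: In the context lines just above the removed `git checkout HEAD^2` step, the comment names the variable `CODEQL-PYTHON` while the command on the next line sets `CODEQL_PYTHON`. Since this change already touches the example, correct the comment to use the underscore so readers do not copy the wrong name.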