mirror of synced 2025-12-19 18:10:59 -05:00

Retitling / minor reconfiguration of 'Configuring the CodeQL workflow for compiled languages'

This commit is contained in:
Ben Ahmady
2023-08-02 10:35:46 +00:00
parent ca57412281
commit be1f02c84a
12 changed files with 40 additions and 39 deletions

@@ -14,7 +14,7 @@ versions:
{% data reusables.code-scanning.beta %}
{% data reusables.code-scanning.codeql-action-version-ghes %}
If an automatic build of code for a compiled language within your project fails, try removing the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and adding specific build steps. For more information about replacing the `autobuild` step, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
If an automatic build of code for a compiled language within your project fails, try removing the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and adding specific build steps. For more information about replacing the `autobuild` step, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages {% data variables.code-scanning.compiled_languages %}, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default {% data variables.product.prodname_codeql %} analysis workflow uses such a matrix.
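Review bot: No redirect from the old article path is visible for the link changed in the first paragraph of this hunk. The target moves from `configuring-the-codeql-workflow-for-compiled-languages` to `code-scanning-for-compiled-languages`, and these hunks only update in-repo references, so please confirm the renamed article keeps the old URL as a redirect; otherwise external links and bookmarks to the old path stop resolving.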

@@ -26,7 +26,7 @@ If your {% data variables.product.prodname_codeql %} analysis scans fewer lines
## Replace the `autobuild` step
Replace the `autobuild` step with the same build commands you would use in production. This makes sure that {% data variables.product.prodname_codeql %} knows exactly how to compile all of the source files you want to scan.
For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
## Inspect the copy of the source files in the {% data variables.product.prodname_codeql %} database
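Review bot: The `#adding-build-steps-for-a-compiled-language` fragment on the updated "For more information" link under "Replace the `autobuild` step" is carried over unchanged, while the commit message describes a reconfiguration of the target article as well as a retitle. Check that a heading with that slug still exists in the renamed article; if it was reworded, this link silently lands at the top of the page instead of the build-steps section.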

@@ -32,7 +32,7 @@ If your workflow fails with `Error: "No source code was seen during the build"`
For more information, see the workflow extract in "[AUTOTITLE](/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed-for-a-compiled-language)".
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
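Review bot: The first list item is being edited anyway and still carries a comma splice in "contains an `autobuild` step, however, this step represents a best effort process". Suggest splitting the sentence and hyphenating the compound, for example "contains an `autobuild` step. However, this step is a best-effort process and may not succeed in building your code".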
@@ -46,4 +46,4 @@ If your workflow fails with `Error: "No source code was seen during the build"`
If you encounter another problem with your specific compiler or configuration, contact {% data variables.contact.contact_support %}.
For more information about specifying build steps, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
For more information about specifying build steps, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
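Review bot: The closing "For more information about specifying build steps" sentence repeats, word for word and with the same hard-coded path, the sentence at the end of the first list item in the previous hunk of this file, so the rename had to touch both. Consider keeping only one of them, or moving the sentence into a reusable in the same way `{% data reusables.code-scanning.beta %}` is used in the first file of this diff, so a future rename is a single edit.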