mirror of synced 2025-12-21 10:57:10 -05:00
docs/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system.md
AlonaHlobina 5f01af06ec Update beta-codeql-runner.md (#21605)
* Update beta-codeql-runner.md

* Rename beta-codeql-runner.md to deprecation-codeql-runner.md

* update reusable name

* Update about-codeql-code-scanning-in-your-ci-system.md

* Update running-codeql-code-scanning-in-a-container.md

* Update uploading-a-sarif-file-to-github.md

* Update sarif-support-for-code-scanning.md

* Update running-codeql-runner-in-your-ci-system.md

* Update configuring-codeql-cli-in-your-ci-system.md

* Update configuring-codeql-runner-in-your-ci-system.md

* Update running-codeql-runner-in-your-ci-system.md

* Update content/github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-code-scanning-in-your-ci-system.md

* Update configuring-codeql-cli-in-your-ci-system.md

* Apply suggestions from code review

Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>

* update codeql runner reusable

* add new article about runner to cli migration

* fix typo in new article title

* Update deprecation-codeql-runner.md

* Update deprecation-codeql-runner.md

* Apply suggestions from code review

* fix failing test

* fix failing test

* Update versioning to fix failing test

* add `codeql-cli-binaries` to allow list

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2021-09-21 13:12:11 -07:00

---
title: Troubleshooting CodeQL runner in your CI system
shortTitle: Troubleshoot CodeQL runner
intro: 'If you''re having problems with the {% data variables.product.prodname_codeql_runner %}, you can troubleshoot by using these tips.'
product: '{% data reusables.gated-features.code-scanning %}'
redirect_from:
  - /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning-in-your-ci-system
  - /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system
  - /code-security/secure-coding/troubleshooting-codeql-code-scanning-in-your-ci-system
  - /code-security/secure-coding/troubleshooting-codeql-runner-in-your-ci-system
  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
versions:
  fpt: '*'
  ghes: '>=3.0'
  ghae: '*'
type: how_to
topics:
  - Advanced Security
  - Code scanning
  - CodeQL
  - Troubleshooting
  - Integration
  - CI
---
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
{% data reusables.code-scanning.deprecation-codeql-runner %}
{% data reusables.code-scanning.beta %}
{% data reusables.code-scanning.not-available %}
## The `init` command takes too long
Before the {% data variables.product.prodname_codeql_runner %} can build and analyze code, it needs access to the {% data variables.product.prodname_codeql %} bundle, which contains the {% data variables.product.prodname_codeql %} CLI and the {% data variables.product.prodname_codeql %} libraries.
When you use the {% data variables.product.prodname_codeql_runner %} for the first time on your machine, the `init` command downloads the {% data variables.product.prodname_codeql %} bundle to your machine. This download can take a few minutes.
The {% data variables.product.prodname_codeql %} bundle is cached between runs, so if you use the {% data variables.product.prodname_codeql_runner %} again on the same machine, it won't download the {% data variables.product.prodname_codeql %} bundle again.
To avoid this automatic download, you can manually download the {% data variables.product.prodname_codeql %} bundle to your machine and specify the path using the `--codeql-path` flag of the `init` command.
## No code found during the build
If the `analyze` command for the {% data variables.product.prodname_codeql_runner %} fails with an error `No source code was seen during the build`, this indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code. Several reasons can explain such a failure.
1. Automatic language detection identified a supported language, but there is no analyzable code of that language in the repository. A typical example is when our language detection service finds a file associated with a particular programming language, such as a `.h` or `.gyp` file, but no corresponding executable code is present in the repository. To solve the problem, you can manually define the languages you want to analyze by using the `--languages` flag of the `init` command. For more information, see "[Configuring {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/configuring-codeql-runner-in-your-ci-system)."
1. You're analyzing a compiled language without using the `autobuild` command and you run the build steps yourself after the `init` step. For the build to work, you must set up the environment such that the {% data variables.product.prodname_codeql_runner %} can monitor the build process. The `init` command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the `init` command.

   - On macOS and Linux:
     ```shell
     $ . codeql-runner/codeql-env.sh
     ```
   - On Windows, using the Command shell (`cmd`) or a batch file (`.bat`):
     ```shell
     > call codeql-runner\codeql-env.bat
     ```
   - On Windows, using PowerShell:
     ```shell
     > cat codeql-runner\codeql-env.sh | Invoke-Expression
     ```

   The environment variables are also stored in the file `codeql-runner/codeql-env.json`. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the `init` command, then you can use the data in JSON format instead.

   {% note %}

   **Note:** If you used the `--temp-dir` flag of the `init` command to specify a custom directory for temporary files, the path to the `codeql-env` files might be different.

   {% endnote %}

1. You're analyzing a compiled language on macOS without using the `autobuild` command and you run the build steps yourself after the `init` step. If SIP (System Integrity Protection) is enabled, which is the default on recent versions of OSX, analysis might fail. To fix this, prefix the build command with the `$CODEQL_RUNNER` environment variable.

   For example, if your build command is `cmd arg1 arg2`, you should run `$CODEQL_RUNNER cmd arg1 arg2`.

1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
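
If your CI system can't source the script generated by `init`, a small wrapper can apply the variables from `codeql-runner/codeql-env.json` to the build process instead. The following is an added example, not code from the {% data variables.product.prodname_codeql_runner %} itself; the file name `codeql_build.py` and the function names are hypothetical, and it assumes every value in the JSON object is a string.

```python
import json
import os
import subprocess
import sys
from pathlib import Path

# Default location named on this page; it differs if `init` was run with
# a custom --temp-dir.
DEFAULT_ENV_FILE = Path("codeql-runner") / "codeql-env.json"


def load_codeql_env(env_file=DEFAULT_ENV_FILE):
    """Return the variables from codeql-env.json as a dict of str -> str."""
    data = json.loads(Path(env_file).read_text(encoding="utf-8"))
    # The file is described as a single JSON object mapping keys to values.
    # Reject anything else rather than building with a partial environment,
    # which would end in "No source code was seen during the build" again.
    if not isinstance(data, dict):
        raise ValueError(f"{env_file}: expected a single JSON object")
    for key, value in data.items():
        # Assumption: values are strings. Keys must be usable as variable names.
        if not key or "=" in key or not isinstance(value, str):
            raise ValueError(f"{env_file}: invalid entry for {key!r}")
    return data


def run_build(build_cmd, env_file=DEFAULT_ENV_FILE):
    """Run the build (an argv list) with the CodeQL variables applied."""
    env = os.environ.copy()
    env.update(load_codeql_env(env_file))
    # No shell is involved: the argument list reaches the build tool as-is,
    # and the child process inherits the monitoring environment.
    return subprocess.run(build_cmd, env=env, check=False).returncode


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: codeql_build.py <build command> [args...]")
    sys.exit(run_build(sys.argv[1:]))
```

Run it after `init` and before `analyze`, for example `python codeql_build.py make all`, on the same machine or in the same container as the build.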