jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-20 18:36:31 -05:00
Code Issues Projects Releases Wiki Activity
Files
2db9da5c8faaddf2a812d3adb95252d93d13a50c
docs/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system.md
Matt Pollard 2db9da5c8f [DO NOT MERGE] GitHub AE consumables beta megabranch (#17620) 
* Empty commit

* updated beta note for GHAE

* more GHAE update + resolve conflict

* more GHAE updates + prepare for screenshots

* Apply suggestions from code review

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* address remaining review comments

* Revise "About GitHub AE" (#17679)

* add screenshots to the Configuring article

* reworked to have a separate GHAE section

* list numbering

* more work on screenshots and conditions

* add GHAE screenshots in article

* review screenshots in article

* added more screenshots and updated more articles

* screenshot madness

* fix liquid versioning

* refactor the ghae script

* [GHAE CB/Feb 22]: Add article about data residency for GitHub AE (#17847)

* add missing GHAE versioning to article

* move screenshots to GHAE asset directory

* forgot to change the path for these two images

* replace CBB screenshot + add better screenshot

* [GHAE CB/Feb 22]: Document upgrades for GitHub AE (#17848)

* Version article for GitHub AE

* Replace unused variable

* Incorporate reviewer feedback

* Update intro

Co-authored-by: Ethan P <56270045+ethanpalm@users.noreply.github.com>

* [GHAE] Enable IP allow list (#17691)

* Notes for CC

* Updat permission leves chart

* Add updated article to further reading

* Update gated feature callout with GitHub AE

* Version "Managing allowed IP addresses for your organization" for AE

* Update images

* Update "Restricting network traffic to your enterprise" with new procedures

* remove todo note

* Update audited actions

* Update info about Premium Runners

* Use reusable for Premium Runners

* Change "Premium Runners" to "AE hosted runners"

* Incorporate reviewer feedback

* Use correct reusable

* Version reusable correctly

* [Feb 22] GHAE: Code scanning beta (#17830)

* Add "github-ae" to all the frontmatter

* GHAE-ify the reusables

* Add some more changes

* Re-use some content

* 🔪 Semmle links

* Revert change re "--external-repository-token" in the CodeQL runner

* Update CodeQL runner token scopes

* Update two screenshots

* Remove mention of GitHub.com from AE + other fixes

* Apply suggestions from code review

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>

* Use `product_name` variable instead of `product_location`

* Remove confusing phrase

* [Feb 22] GHAE: Code scanning API and webhook docs (#17883)

* Version API and webhook docs

* Actually add versioning for GHAE

* Fix anchor

* [TEMPORARY] Preview for API endpoints

* Revert API previews

* Update procedure step

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>

* Update docs for AzureAD Group SCIM support in GHAE (#17892)

* [GHAE CB] SMTP bootstrapping flow (#17888)

* draft

* update with AE conntent

* update with tons of versioning

* remove that  lie

* fill out the rest of these steps

* update with correct versioning

* more edits

* add images

* reversion most of ae article

* fix versioning

* format correctlly

* words matter

* last image

* update with permmissions

* update versioning

* add link

* apply feedback ❤️

* update with differrent spacing

* update with feedback

* more feedback

* Temporary GHAE release notes for consumables beta launch (#17859)

* Create release-notes.md

* Add frontmatter

* Add to index file

* Update github-ae-release-notes.md

* Add release notes from Google Doc

* Update finalized docs links that have been reviewed

* OAuth device flow link update

* version for AE

* few fixes

* Update content/admin/overview/github-ae-release-notes.md

* small edits

* whoops

* commit

* update with different links

* used wrong reusable

* fix more brokenness

* Update repository-references.js

* Update repository-references.js

Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>

* [GHAE] Audit public repos (#17917)

* verifying what we mean by public

* Apply suggestions from code review

* Update content/developers/apps/installing-github-apps.md

Co-authored-by: Laura Coursen <lecoursen@github.com>

* fixing placememnt of liquid conditional

Co-authored-by: Laura Coursen <lecoursen@github.com>

* GHAE packages beta (#17786)

Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com>
Co-authored-by: Martin Lopes <martin389@github.com>

* fix broken links

* [GHAE CB/March 01]: GitHub Actions on GHAE (beta) (#17725)

* Added initial layout for premium runners

* Restructured content

* Added placeholder for removing premium runner

* Added versioning and warning note for self-hosted runners

* Added versioning and beta notice for actions content

* Rephrased beta note

* Added versioning for API docs, fixes

* Added versioning fixes

* Split Github-hosted and premium topics into separate articles

* Added edits

* Restructured some topics

* Revised "Using premium runners in a workflow"

* Some small fixes

* Fixed typo

* Added fixes to reusable

* Added edits

* Made section titles consistent

* Added billing, group mgmt, reusable steps

* Cropped certain screenshots for future-proofing

* Removed superfluous reusable

* Added fixes

* Revert "Cropped certain screenshots for future-proofing"

This reverts commit c7f24f31fa30d4fe3de2b63fc3cd5feba44ef518.

* Added new section for custom images

* Added versioning for enterprise-admin operations

* Added edits

* Added edits

* Update adding-premium-runners.md

* Removed SHR screenshots. Intending to update them when UI is available.

* Update using-labels-with-premium-runners.md

* Added custom labels section

* Added preview of API docs changes

* Added versioning for ip allow list section

* Removed removal article

* Renamed premium runners to AE hosted runners

* Re-added added API preview

* Fixed links, updated software specs

* Revised "Software specifications" based on feedback

* Fixed typos

* Small fixes

* Added new article "Creating custom images"

* Moved "Creating custom images" link

* Apply suggestions from code review

Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com>

* Added update from review

* Added updates from tech review

* Apply suggestions from code review

Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com>

* Added updates from tech review

* Added updates from tech review

* Added updates from tech review

* Added updates from tech review

* Fixed reusable

* Added fixes

* Added update from tech review

* Removed the dereferenced OpenAPI schema files

* Added fixes

* Fixed links

* Fixed links

* Apply suggestions from code review

Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com>

* Added updates from peer review

* Removed sections that are not in beta

* Update viewing-your-github-actions-usage.md

* Update viewing-job-execution-time.md

* Update index.md

* Update about-github-hosted-runners.md

* Restored versioning to match GHES approach

* Fixed link

* Restored self-hosted runner reference to UI steps.

* Updated screenshots

* Updated screenshots and procedures

* Small edits to screenshots

* Added AE url info for SHR

* Removed superfluous versioning

* Update security-hardening-for-github-actions.md

* Update actions-shared.md

* Small edits

* Update usage-limits-billing-and-administration.md

* Update managing-complex-workflows.md

* Additional versioning

* Additional versioning

* version environments api and checkrun deployments for ghae (#17991)

Co-authored-by: Martin Lopes <martin389@github.com>

* Update reviewing-the-audit-log-for-your-organization.md

* Added versioning for enterprise policy settings

* version configuring artifact retention for AE

* remove AE versioning for connecting to Marketplace

* Apply suggestions from code review

Co-authored-by: Joe Bourne <thejoebourneidentity@github.com>

* Update content/admin/github-actions/getting-started-with-github-actions-for-github-ae.md

Co-authored-by: Joe Bourne <thejoebourneidentity@github.com>

* rewording not public to private

* fixing liquid

* Fixed elseif entries

* Added expectations note

* Revised label management article for AE hosted runners

* Added enterprise-admin note for adding AE hosted runners

* Update enterprise-admin.md

* Update self-hosted-runner-security.md

* Versioned reusable for AE

* Empty commit for CI

Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com>
Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com>
Co-authored-by: Joe Bourne <thejoebourneidentity@github.com>
Co-authored-by: runleonarun <runleonarun@github.com>

* Update OpenAPI Descriptions for GHAE

* Update content/admin/overview/github-ae-release-notes.md

Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: shati-patel <shati-patel@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com>
Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com>
Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com>
Co-authored-by: Martin Lopes <martin389@github.com>
Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com>
Co-authored-by: Joe Bourne <thejoebourneidentity@github.com>
Co-authored-by: runleonarun <runleonarun@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
2021-03-01 16:07:02 -05:00

59 lines
4.9 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Troubleshooting CodeQL code scanning in your CI system
shortTitle: Troubleshooting in your CI
intro: 'If you''re having problems with the {% data variables.product.prodname_codeql_runner %}, you can troubleshoot by using these tips.'
product: '{% data reusables.gated-features.code-scanning %}'
redirect_from:
- /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning-in-your-ci-system
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
github-ae: '*'
---
{% data reusables.code-scanning.beta-codeql-runner %}
{% data reusables.code-scanning.beta %}
{% data reusables.code-scanning.not-available %}
### The `init` command takes too long
Before the {% data variables.product.prodname_codeql_runner %} can build and analyze code, it needs access to the {% data variables.product.prodname_codeql %} bundle, which contains the {% data variables.product.prodname_codeql %} CLI and the {% data variables.product.prodname_codeql %} libraries.
When you use the {% data variables.product.prodname_codeql_runner %} for the first time on your machine, the `init` command downloads the {% data variables.product.prodname_codeql %} bundle to your machine. This download can take a few minutes.
The {% data variables.product.prodname_codeql %} bundle is cached between runs, so if you use the {% data variables.product.prodname_codeql_runner %} again on the same machine, it won't download the {% data variables.product.prodname_codeql %} bundle again.
To avoid this automatic download, you can manually download the {% data variables.product.prodname_codeql %} bundle to your machine and specify the path using the `--codeql-path` flag of the `init` command.
### No code found during the build
If the `analyze` command for the {% data variables.product.prodname_codeql_runner %} fails with an error `No source code was seen during the build`, this indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code. Several reasons can explain such a failure.
1. Automatic language detection identified a supported language, but there is no analyzable code of that language in the repository. A typical example is when our language detection service finds a file associated with a particular programming language like a `.h`, or `.gyp` file, but no corresponding executable code is present in the repository. To solve the problem, you can manually define the languages you want to analyze by using the `--languages` flag of the `init` command. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system)."
1. You're analyzing a compiled language without using the `autobuild` command and you run the build steps yourself after the `init` step. For the build to work, you must set up the environment such that the {% data variables.product.prodname_codeql_runner %} can monitor the code. The `init` command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the `init` command.
- On macOS and Linux:
```shell
$ . codeql-runner/codeql-env.sh
```
- On Windows, using the Command shell (`cmd`) or a batch file (`.bat`):
```shell
> call codeql-runner\codeql-env.bat
```
- On Windows, using PowerShell:
```shell
> cat codeql-runner\codeql-env.sh | Invoke-Expression
```
The environment variables are also stored in the file `codeql-runner/codeql-env.json`. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the `init` command, then you can use the data in JSON format instead.
{% note %}
**Note:** If you used the `--temp-dir` flag of the `init` command to specify a custom directory for temporary files, the path to the `codeql-env` files might be different.
{% endnote %}
1. You're analyzing a compiled language on macOS without using the `autobuild` command and you run the build steps yourself after the `init` step. If SIP (System Integrity Protection) is enabled, which is the default on recent versions of OSX, analysis might fail. To fix this, prefix the build command with the `$CODEQL_RUNNER` environment variable.
For example, if your build command is `cmd arg1 arg2`, you should run `$CODEQL_RUNNER cmd arg1 arg2`.
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place. For more information, see "[Running CodeQL code scanning in a container](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container)."
Reference in New Issue View Git Blame Copy Permalink