jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-08 03:01:54 -05:00
Code Issues Projects Releases Wiki Activity
Files
3df90fc9b811728a9b7ee45f598f9ae196783b54
docs/translations/ru-RU/content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-action-for-compiled-languages.md
Vanessa Yuen 3df90fc9b8 Hello git history spelunker! 
Are you looking for something? Here is all of the GitHub Docs history in one single commit. Enjoy! 🎉
2020-09-27 14:10:11 +02:00

8.0 KiB
Raw Blame History

title, shortTitle, intro, product, permissions, redirect_from, versions
title shortTitle intro product permissions redirect_from versions
Configuring the CodeQL action for compiled languages Configuring for compiled languages You can configure how {{ site.data.variables.product.prodname_dotcom }} uses the {{ site.data.variables.product.prodname_codeql_workflow }} to scan code written in compiled languages for vulnerabilities and errors. {{ site.data.reusables.gated-features.code-scanning }} People with write permissions to a repository can configure {{ site.data.variables.product.prodname_code_scanning }} for the repository.
/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning-for-compiled-languages
free-pro-team enterprise-server
* >=2.22

{{ site.data.reusables.code-scanning.beta }} {{ site.data.reusables.code-scanning.enterprise-enable-code-scanning-actions }}

About the {{ site.data.variables.product.prodname_codeql_workflow }} and compiled languages

You enable {{ site.data.variables.product.prodname_dotcom }} to run {{ site.data.variables.product.prodname_code_scanning }} for your repository by adding a {{ site.data.variables.product.prodname_actions }} workflow to the repository. For {{ site.data.variables.product.prodname_codeql }} {{ site.data.variables.product.prodname_code_scanning }}, you add the {{ site.data.variables.product.prodname_codeql_workflow }}. For more information, see "Enabling {{ site.data.variables.product.prodname_code_scanning }} for a repository."

{{ site.data.reusables.code-scanning.edit-workflow }} For general information about configuring {{ site.data.variables.product.prodname_code_scanning }} and editing workflow files, see "Configuring {{ site.data.variables.product.prodname_code_scanning }}" and "Configuring a workflow."

About autobuild for {{ site.data.variables.product.prodname_codeql }}

{{ site.data.reusables.code-scanning.autobuild-compiled-languages }}

{% note %}

Note: If you use self-hosted runners for {{ site.data.variables.product.prodname_actions }}, you may need to install additional software to use the autobuild process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. For more information, see "Software installed on GitHub-hosted runners."

{% endnote %}

C/C++

Supported system type System name
Operating system Windows and Linux
Build system Autoconf, CMake, qmake, Meson, Waf, SCons, and Linux Kbuild

The behavior of the autobuild step varies according to the operating system that the extraction runs on. On Windows, the step has no default actions. On Linux, this step reviews the files present in the repository to determine the build system used:

  1. Look for a build system in the root directory.
  2. If none are found, search subdirectories for a unique directory with a build system for C/C++.
  3. Run an appropriate command to configure the system.

C

Supported system type System name
Operating system Windows and Linux
Build system .NET and MSbuild, as well as build scripts

The autobuild process attempts to autodetect a suitable build method for C# using the following approach:

  1. Invoke dotnet build on the solution (.sln) or project (.csproj) file closest to the root.
  2. Invoke MSbuild (Linux) or MSBuild.exe (Windows) on the solution or project file closest to the root. If autobuild detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
  3. Invoke a script that looks like a build script—build and build.sh (in that order, for Linux) or build.bat, build.cmd, and build.exe (in that order, for Windows).

Java

Supported system type System name
Operating system Windows, macOS and Linux (no restriction)
Build system Gradle, Maven and Ant

The autobuild process tries to determine the build system for Java codebases by applying this strategy:

  1. Search for a build file in the root directory. Check for Gradle then Maven then Ant build files.
  2. Run the first build file found. If both Gradle and Maven files are present, the Gradle file is used.
  3. Otherwise, search for build files in direct subdirectories of the root directory. If only one subdirectory contains build files, run the first file identified in that subdirectory (using the same preference as for 1). If more than one subdirectory contains build files, report an error.

Adding build steps for a compiled language

{{ site.data.reusables.code-scanning.autobuild-add-build-steps }} For information about editing the workflow, see "Configuring {{ site.data.variables.product.prodname_code_scanning }}."

After removing the autobuild step, uncomment the run step and add build commands that are suitable for your repository. The workflow run step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.

- run: |
  make bootstrap
  make release

For more information about the run keyword, see "Workflow syntax for {{ site.data.variables.product.prodname_actions }}."

You can also use a build matrix to update the workflow to build more than one compiled language, if this is the appropriate approach for your system and doesn't cause conflicts. For more information, see "Configuring a build matrix."

For example, the workflow below runs one job for C/C++ analysis, and another job for Java analysis.


name: "CodeQL"

on:
  push:
    branches: [main, ]
  pull_request:
    branches: [main]

jobs:
  CodeQL-Build:

    strategy:
      fail-fast: false
      matrix:
        language: ['cpp', 'java']

{% if currentVersion ver_gt "enterprise-server@2.21" %}    runs-on: self-hosted
{% else %}    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest{% endif %}

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${% raw %}{{ matrix.language }}{% endraw %}

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually.
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1

For more tips and tricks about why autobuild won't build your code, see "Troubleshooting {{ site.data.variables.product.prodname_code_scanning }}".

If you added manual build steps for compiled languages or used a build matrix and {{ site.data.variables.product.prodname_code_scanning }} is still not working on your repository, contact {{ site.data.variables.contact.contact_support }}.

Reference in New Issue View Git Blame Copy Permalink