jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-21 19:06:49 -05:00
Code Issues Projects Releases Wiki Activity
Files
7ae698fb78aff71479a32f8efb8ff70a60d97a2c
docs/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning-in-your-ci-system.md
Shati Patel ae0d0f530e Code scanning troubleshooting: How to set up environment with CodeQL runner (#15746) 
* Code scanning troubleshooting: Set up environment with CodeQL runner

* Change "trace" to "monitor"

* Fix note syntax
2020-09-28 18:42:34 +01:00

52 lines
4.1 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Troubleshooting code scanning in your CI system
shortTitle: Troubleshooting in your CI
intro: 'If you''re having problems with the {{ site.data.variables.product.prodname_codeql_runner }}, you can troubleshoot by using these tips.'
product: '{{ site.data.reusables.gated-features.code-scanning }}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
{{ site.data.reusables.code-scanning.beta }}
{{ site.data.reusables.code-scanning.enterprise-enable-code-scanning }}
### The `init` command takes too long
Before the {{ site.data.variables.product.prodname_codeql_runner }} can build and analyze code, it needs access to the {{ site.data.variables.product.prodname_codeql }} bundle, which contains the {{ site.data.variables.product.prodname_codeql }} CLI and the {{ site.data.variables.product.prodname_codeql }} libraries.
When you use the {{ site.data.variables.product.prodname_codeql_runner }} for the first time on your machine, the `init` command downloads the {{ site.data.variables.product.prodname_codeql }} bundle to your machine. This download can take a few minutes.
The {{ site.data.variables.product.prodname_codeql }} bundle is cached between runs, so if you use the {{ site.data.variables.product.prodname_codeql_runner }} again on the same machine, it won't download the {{ site.data.variables.product.prodname_codeql }} bundle again.
To avoid this automatic download, you can manually download the {{ site.data.variables.product.prodname_codeql }} bundle to your machine and specify the path using the `--codeql-path` flag of the `init` command.
### No code found during the build
If the `analyze` command for the {{ site.data.variables.product.prodname_codeql_runner }} fails with an error `No source code was seen during the build`, this indicates that {{ site.data.variables.product.prodname_codeql }} was unable to monitor your code. Several reasons can explain such a failure.
1. Automatic language detection identified a supported language, but there is no analyzable code of that language in the repository. A typical example is when our language detection service finds a file associated with a particular programming language like a `.h`, or `.gyp` file, but no corresponding executable code is present in the repository. To solve the problem, you can manually define the languages you want to analyze by using the `--languages` flag of the `init` command. For more information, see "[Configuring {{ site.data.variables.product.prodname_code_scanning }} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning-in-your-ci-system)."
1. You're analyzing a compiled language without using the `autobuild` command and you run the build steps yourself after the `init` step. For the build to work, you must set up the environment such that the {{ site.data.variables.product.prodname_codeql_runner }} can monitor the code. The `init` command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the `init` command.
- On macOS and Linux:
```shell
$ . codeql-runner/codeql-env.sh
```
- On Windows, using the Command shell (`cmd`) or a batch file (`.bat`):
```shell
> call codeql-runner\codeql-env.bat
```
- On Windows, using PowerShell:
```shell
> cat codeql-runner\codeql-env.sh | Invoke-Expression
```
The environment variables are also stored in the file `codeql-runner/codeql-env.json`. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the `init` command, then you can use the data in JSON format instead.
{% note %}
**Note:** If you used the `--temp-dir` flag of the `init` command to specify a custom directory for temporary files, the path to the `codeql-env` files might be different.
{% endnote %}
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {{ site.data.variables.product.prodname_codeql_runner }} in the container or on the machine where your build task takes place.
Reference in New Issue View Git Blame Copy Permalink