* 3.1 megabranch
* these should be in a topic branch to avoid unnecessary ci failures
* add copies of 3.0 schema files
* update link version from 3.0 -> 3.1
* update correct version 🤦♀️
* update with 3.1 version links
* first stab of this work
* fix product variable and links to section that has been moved
* simplify Liquid conditions
* elsif
* Update content/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions.md
  Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
* [GHES 3.1] Code scanning: SARIF limit increased to 5000 (#18539)
* revert api previews
* delete 3.1 preview
* Revert "delete 3.1 preview"
  This reverts commit 0a7df3e17a1e182e5b01b0fdafacb6bb19100f70.
* regenerate decorated file
* make security policy docs available in GHES 3.1 and GHAE docs
* adapt for GHES/GHAE and remove the word
* revert a whole bunch of stuff
* more reverting and further updating
* update links to Adding a security policy to your repo article
* fix broken links and remove responsibly
* simplify Liquid versioning
* Update content/code-security/getting-started/adding-a-security-policy-to-your-repository.md
  Co-authored-by: Felicity Chapman <felicitymay@github.com>
* address comment
* Remove overcomplicated versioning (#18934)
* Update information on licensing and billing for GHES 3.1 (#18835)
* regenerate graphql files with new prerendered input object
* add release notes placeholder file
* add scaffolding
* use real date
* ✂️ 3.1 schema added accidentally
* update enterprise release dates
* add base files
* Correct versioning for branch renaming and master to main transition in GHES docs (#19050)
* update versioning
* apply Alistair's suggestion
* add new cached index names
* Update docs for code scanning in external CI to cover CodeQL CLI usage (#19030)
* 3893 add missing flag for GHES and GHAE (next) users (#19129)
* [GHES 3.1] Release candidate 1 release notes (#18419)
* fleshing out the 33.1 RC1 release notes
* update with moreee
* really flesh it all out
* format a bit
* fix linter errors
* fix errors again
* add quotes around heading with Liquid
* placeholder to get error fixed
* add quotes
* just remove those things
* typo
* Update 0-rc1.yml
* update with feedback
* add workflow beta
* upload increase
* some last changes
* change the date
* fix links
  Co-authored-by: Sarah Schneider <sarahs@github.com>
  Co-authored-by: Rachael Sewell <rachmari@github.com>
* Conflict resolution between 19082 and 3.1 Megabranch (#19158)
* Fix typo in new reusable
* delete 3.1 rest schema files
* Update OpenAPI Descriptions (#19166)
* last minute additions yikes
* redeploy staging

Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
64 lines
5.1 KiB
Markdown
---
title: Troubleshooting CodeQL runner in your CI system
shortTitle: Troubleshooting CodeQL runner
intro: 'If you''re having problems with the {% data variables.product.prodname_codeql_runner %}, you can troubleshoot by using these tips.'
product: '{% data reusables.gated-features.code-scanning %}'
redirect_from:
  - /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning-in-your-ci-system
  - /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system
  - /code-security/secure-coding/troubleshooting-codeql-code-scanning-in-your-ci-system
versions:
  free-pro-team: '*'
  enterprise-server: '>=3.0'
  github-ae: '*'
topics:
  - Security
---
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->

{% data reusables.code-scanning.beta-codeql-runner %}
{% data reusables.code-scanning.beta %}
{% data reusables.code-scanning.not-available %}

### The `init` command takes too long

Before the {% data variables.product.prodname_codeql_runner %} can build and analyze code, it needs access to the {% data variables.product.prodname_codeql %} bundle, which contains the {% data variables.product.prodname_codeql %} CLI and the {% data variables.product.prodname_codeql %} libraries.

When you use the {% data variables.product.prodname_codeql_runner %} for the first time on your machine, the `init` command downloads the {% data variables.product.prodname_codeql %} bundle to your machine. This download can take a few minutes.
The {% data variables.product.prodname_codeql %} bundle is cached between runs, so if you use the {% data variables.product.prodname_codeql_runner %} again on the same machine, it won't download the {% data variables.product.prodname_codeql %} bundle again.

To avoid this automatic download, you can manually download the {% data variables.product.prodname_codeql %} bundle to your machine and specify the path using the `--codeql-path` flag of the `init` command.

### No code found during the build

If the `analyze` command for the {% data variables.product.prodname_codeql_runner %} fails with the error `No source code was seen during the build`, this indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code. Several reasons can explain such a failure.

1. Automatic language detection identified a supported language, but there is no analyzable code of that language in the repository. A typical example is when our language detection service finds a file associated with a particular programming language, such as a `.h` or `.gyp` file, but no corresponding executable code is present in the repository. To solve the problem, you can manually define the languages you want to analyze by using the `--languages` flag of the `init` command. For more information, see "[Configuring {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/configuring-codeql-runner-in-your-ci-system)."

1. You're analyzing a compiled language without using the `autobuild` command and you run the build steps yourself after the `init` step. For the build to work, you must set up the environment such that the {% data variables.product.prodname_codeql_runner %} can monitor the build process. The `init` command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the `init` command.
   - On macOS and Linux:
     ```shell
     $ . codeql-runner/codeql-env.sh
     ```
   - On Windows, using the Command shell (`cmd`) or a batch file (`.bat`):
     ```shell
     > call codeql-runner\codeql-env.bat
     ```
   - On Windows, using PowerShell:
     ```shell
     > cat codeql-runner\codeql-env.sh | Invoke-Expression
     ```

   The environment variables are also stored in the file `codeql-runner/codeql-env.json`. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the `init` command, then you can use the data in JSON format instead.

   {% note %}

   **Note:** If you used the `--temp-dir` flag of the `init` command to specify a custom directory for temporary files, the path to the `codeql-env` files might be different.

   {% endnote %}

1. You're analyzing a compiled language on macOS without using the `autobuild` command and you run the build steps yourself after the `init` step. If SIP (System Integrity Protection) is enabled, which is the default on recent versions of OS X, analysis might fail. To fix this, prefix the build command with the `$CODEQL_RUNNER` environment variable.
   For example, if your build command is `cmd arg1 arg2`, you should run `$CODEQL_RUNNER cmd arg1 arg2`.

1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
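
Using `codeql-env.json` when the generated scripts can't be run, as an added example (not part of the original article or the runner's own code): this Python wrapper loads the JSON object, merges it into the current environment, and runs the build command as a child process so the build is monitored. The function names are illustrative, and it assumes `CODEQL_RUNNER` is one of the variables in the file when applying the macOS prefix described above.

```python
import json
import os
import subprocess
import sys
from pathlib import Path

# Default location named in the article; it differs if `init` was run with --temp-dir.
DEFAULT_ENV_FILE = Path("codeql-runner") / "codeql-env.json"


def load_codeql_env(env_file=DEFAULT_ENV_FILE):
    """Return the variables stored in codeql-env.json as a str -> str dict."""
    data = json.loads(Path(env_file).read_text(encoding="utf-8"))
    if not isinstance(data, dict):
        raise ValueError(f"{env_file}: expected a single JSON object")
    for key, value in data.items():
        # Reject anything the OS could not represent as an environment entry.
        if not isinstance(value, str) or not key or "=" in key or "\0" in key + value:
            raise ValueError(f"{env_file}: invalid environment entry {key!r}")
    return data


def run_traced_build(build_cmd, env_file=DEFAULT_ENV_FILE):
    """Run build_cmd (an argv list) with the CodeQL variables added to the environment."""
    env = dict(os.environ)
    env.update(load_codeql_env(env_file))
    # macOS with SIP: prefix the build with $CODEQL_RUNNER
    # (assumption: the variable is provided by the env file).
    runner = env.get("CODEQL_RUNNER")
    if sys.platform == "darwin" and runner:
        build_cmd = [runner, *build_cmd]
    # No shell is involved, so the build arguments are passed through unmodified.
    return subprocess.run(build_cmd, env=env, check=False).returncode


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: traced_build.py <build command> [args...]")
    sys.exit(run_traced_build(sys.argv[1:]))
```

Run the wrapper after `init` and before `analyze`, passing the build command as its arguments; the exit code of the build is returned unchanged so the CI job still fails when the build fails.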