ivuorinen/actions/codeql-analysis
CodeQL Analysis
Description
Run CodeQL security analysis for a single language with configurable query suites
Inputs
| name | description | required | default |
|---|---|---|---|
language |
Language to analyze (javascript, python, actions, java, csharp, cpp, ruby, go, etc.) |
true |
"" |
queries |
Comma-separated list of additional queries to run |
false |
"" |
packs |
Comma-separated list of CodeQL query packs to run |
false |
"" |
config-file |
Path to CodeQL configuration file |
false |
"" |
config |
Configuration passed as a YAML string |
false |
"" |
build-mode |
The build mode for compiled languages (none, manual, autobuild) |
false |
"" |
source-root |
Path of the root source code directory |
false |
"" |
category |
Analysis category (default: /language:) |
false |
"" |
checkout-ref |
Git reference to checkout (default: current ref) |
false |
"" |
token |
GitHub token for API access |
false |
${{ github.token }} |
working-directory |
Working directory for the analysis |
false |
. |
upload-results |
Upload results to GitHub Security tab |
false |
true |
ram |
Amount of memory in MB that can be used by CodeQL |
false |
"" |
threads |
Number of threads that can be used by CodeQL |
false |
"" |
output |
Path to save SARIF results |
false |
../results |
skip-queries |
Build database but skip running queries |
false |
false |
add-snippets |
Add code snippets to SARIF output |
false |
false |
Outputs
| name | description |
|---|---|
language-analyzed |
Language that was analyzed |
analysis-category |
Category used for the analysis |
sarif-file |
Path to generated SARIF file |
Runs
This action is a composite action.
Usage
- uses: ivuorinen/actions/codeql-analysis@main
with:
language:
# Language to analyze (javascript, python, actions, java, csharp, cpp, ruby, go, etc.)
#
# Required: true
# Default: ""
queries:
# Comma-separated list of additional queries to run
#
# Required: false
# Default: ""
packs:
# Comma-separated list of CodeQL query packs to run
#
# Required: false
# Default: ""
config-file:
# Path to CodeQL configuration file
#
# Required: false
# Default: ""
config:
# Configuration passed as a YAML string
#
# Required: false
# Default: ""
build-mode:
# The build mode for compiled languages (none, manual, autobuild)
#
# Required: false
# Default: ""
source-root:
# Path of the root source code directory
#
# Required: false
# Default: ""
category:
# Analysis category (default: /language:<language>)
#
# Required: false
# Default: ""
checkout-ref:
# Git reference to checkout (default: current ref)
#
# Required: false
# Default: ""
token:
# GitHub token for API access
#
# Required: false
# Default: ${{ github.token }}
working-directory:
# Working directory for the analysis
#
# Required: false
# Default: .
upload-results:
# Upload results to GitHub Security tab
#
# Required: false
# Default: true
ram:
# Amount of memory in MB that can be used by CodeQL
#
# Required: false
# Default: ""
threads:
# Number of threads that can be used by CodeQL
#
# Required: false
# Default: ""
output:
# Path to save SARIF results
#
# Required: false
# Default: ../results
skip-queries:
# Build database but skip running queries
#
# Required: false
# Default: false
add-snippets:
# Add code snippets to SARIF output
#
# Required: false
# Default: false