  1. Custom CodeQL query in Azure DevOps in yaml pipeline gives error: …

    May 22, 2024 · The task AdvancedSecurity-Codeql-Init@1 points to a codeqlconfig yaml file and in this file I point to a simple todo codeql query. This is afaik how it has to be done according to the …

  2. CodeQL in Github not showing found issues for custom queries

    Jan 14, 2025 · I am running CodeQL inside a private organization with advanced security enabled. It is working well for default queries. The queries security-extended and security-and-quality are …

  3. codeql - How does the autobuild step work in Github Advanced …

    Jan 17, 2024 · The CodeQL analysis is not limited to just the projects that were built in the current pipeline run. It analyzes the entire codebase in the repository. Therefore, if there are issues in the …

  4. Validating file paths to satisfy GitHub CodeQL's "Uncontrolled data ...

    Aug 16, 2024 · I'm writing functions for a Python package to register files from a file system to an SQL database, and GitHub's CodeQL has flagged that the file paths are a potential security risk. I have …

  5. Github Advanced Security for Azure DevOps : CodeQL analyzer not …

    Oct 2, 2023 · Find an example repo here: ghas-demo designed for GitHub workflows. However, it also applies to Azure DevOps. Just import the repo to DevOps, then create a Yaml pipeline by following …

  6. Codeql failing to scan github repository storing only java code

    Aug 23, 2023 · Now as I'm trying to scan this by codeql, it was trying to autobuild it without success. After investigating it online I understood that only specific types of projects can work with autobuild …

  7. Is there a way to exclude files from CodeQL scanning on GitHub

    Oct 11, 2022 · Is there a way to exclude files from CodeQL scanning on GitHub

  8. Errors with Setting Up custom CodeQL queries - Stack Overflow

    Apr 27, 2025 · Do you have a codeql-pack.yml / qlpack.yml file with the codeql/cpp-all pack as dependency? See also the documentation about the codeql-pack.yml file. If not, it might be easiest to …

  9. GitHub Actions CodeQL init action failed Not Found

    Apr 12, 2023 · I am trying to configure CodeQL scanning on my repo. For that purpose I am using the template provided by GitHub: # For most projects, this workflow file will not need changing; you …

  10. Configuring CodeQL with Github actions using well known weaknesses

    May 25, 2022 · Default setup currently supports analysis of JavaScript (including TypeScript), Python, and Ruby code. More languages will be supported soon, and all other languages supported by …