-
The CodeQL default setup for `C/C++` that GitHub rolled out automatically does not work on our repo.
The build command does not succeed and needs some manual tweaking.
See https://github.com/Cocka…
-
As recommended, I use the default setup for CodeQL. I also _require_ the CI scans in my protected branches. However, whenever there is an external-fork-based PR, the scans are not run (= status is nev…
-
macos-latest (i.e. macos-14) image fails to install homebrew packages AFTER using codeql-action. The same homebrew install works fine if not using the codeql-action.
I filed a report on the runner-…
-
See https://github.tools.sap/cx-commerce/spasec/issues/68
-
**Description of the issue**
```
[2023-08-28 16:26:19] [build-stdout] [INFO] dzwn-public-api-parent ............................. SUCCESS [ 0.354 s]
[2023-08-28 16:26:19] [build-stdout] [INFO] dzw…
```
-
## Overview
CodeQL is the analysis engine used by developers to automate security checks, and by security researchers to perform variant analysis. In CodeQL, code is treated like data. Security vuln…
-
I've discovered that the SARIF file that the CodeQL CLI produces is a schema URL that causes the sarif-vscode-extension to think the file is invalid. The schema URL (valid) that the CodeQL CLI produce…
-
### Affected rules
- `A5-16-1`: `cpp/autosar/ternary-conditional-operator-used-as-sub-expression`
> Rule A5-16-1 (required, implementation, automated)
> The ternary conditional operator shall no…
-
Hello,
As per the title, I wanted to take advantage of the _codeqlpathstoignore_ in the AdvancedSecurity-Codeql-Init task as there are some folders that don't need to be scanned. But when trying to…
-
**Godot version:**
Any
**OS/device including version:**
Any
**Issue description:**
https://lgtm.com/projects/g/godotengine/godot/overview/
Shows some errors and warnings. It would …