shenxianpeng closed 7 months ago
Have you tested this? Is it copied from a template?
I'm curious about the C++ support, particularly how CodeQL determines the C++ project's build process (and how it understands what any third-party dependencies are).
It is copied from my blog repo, which uses the JavaScript language. I will test this workflow using Python.
Maybe this page can answer your question :)
Tested with PR https://github.com/cpp-linter/cpp-linter-hooks/pull/34 and this workflow works fine.
It's more and more common to use tools like CodeQL, Polaris, etc. to discover vulnerabilities.
For projects on GitHub, CodeQL should be the first choice because it's free for research and open source.