cpp-linter / .github

Global configurations for cpp-linter organization on GitHub
MIT License

Create codeql.yml reusable workflow #19

Closed shenxianpeng closed 7 months ago

shenxianpeng commented 7 months ago

It's more and more common to use tools to discover vulnerabilities like CodeQL, Polaris, etc.

For projects on GitHub, CodeQL should be the first choice because it's free for research and open source.

2bndy5 commented 7 months ago

Have you tested this? Is it copied from a template?

I'm curious about the C++ support, particularly how CodeQL determines the C++ project's build process (and how it understands what any third-party dependencies are).

shenxianpeng commented 7 months ago

It was copied from my blog repo, which uses the JavaScript language. I will test this workflow using the Python language.

Maybe this page can answer your question :)

shenxianpeng commented 7 months ago

Tested with PR https://github.com/cpp-linter/cpp-linter-hooks/pull/34 and this workflow works fine.