This pull request introduces a set of Linux Shared Libraries allowing Jenkins users to execute CodeQL scans during their normal build process. This differs from the use of the ExecuteCodeQL() function in that users will no longer have to perform separate builds to perform CodeQL scans but can instead use CodeQL trace-commands or build-tracing to invoke their build processes in CI once.
The following Shared Library Functions are introduced:
InstallCodeQL()
Allows users to install CodeQL at runtime
InitializeCodeQLDatabase()
Depending on whether users are scanning a non-compiled language, or whether they intend to use trace-commands or build-tracing, an appropriate database is created
AnalyzeCodeQLDatabase()
Depending on whether users are analyzing a non-compiled language, or whether the database was created using trace-commands or build-tracing, the database is properly analyzed
UploadResults()
Uploads the CodeQL SARIF file and the CodeQL database to GitHub