Closed mcondellva closed 1 year ago
There was a minor mistake in the call to GetCodeQLConfig where it was passing in the defaultBranch instead of the path to codeql.yml. This fix should correct that: https://github.com/department-of-veterans-affairs/codeql-tools/pull/79/files
Waiting for an updated Metrics run to complete before closing this out.
The metrics dashboard appears to not be taking the excluded_languages in the codeql.yml file into account when determining if a repository is compliant or not.
It looks like the cause might be in collect-metrics/internal/manager.go, line 91. The third argument to GetCodeQLConfig() appears to be passing a branch name when the method appears to expect a file path.
From the log, there are no excluded languages returned from the function call:
Some repositories where we are seeing the issue:
But based on the verify-scans logs, it looks like it may affect up to 25 repositories currently.
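An added illustration of the failure mode described in this issue, not code from codeql-tools: when two adjacent parameters are plain strings, a branch name passed as the config path compiles, finds no file, and yields an empty exclusion list, so an excluded language is counted as unscanned. The function names, types, file location and sample data below are all hypothetical.

```go
package main

import "fmt"

// Hypothetical types; the project's real signatures are not shown in the issue.
type Branch string
type ConfigPath string
type Config struct{ ExcludedLanguages []string }

// Constructed repository contents keyed by file path (location is assumed).
var repoFiles = map[string]Config{
	".github/codeql.yml": {ExcludedLanguages: []string{"ruby"}},
}

// loadConfigLoose takes two plain strings, so a branch name passed as the
// path compiles and silently returns an empty config.
func loadConfigLoose(files map[string]Config, branch, path string) Config {
	return files[path]
}

// loadConfigTyped makes the swap a compile error for variables (a Branch is
// not a ConfigPath) and reports a missing file instead of hiding it.
func loadConfigTyped(files map[string]Config, b Branch, p ConfigPath) (Config, error) {
	cfg, ok := files[string(p)]
	if !ok {
		return Config{}, fmt.Errorf("no config at %q on branch %q", p, b)
	}
	return cfg, nil
}

// missingScans lists detected languages that are neither scanned nor excluded.
func missingScans(detected, scanned []string, cfg Config) []string {
	covered := map[string]bool{}
	for _, l := range append(append([]string{}, scanned...), cfg.ExcludedLanguages...) {
		covered[l] = true
	}
	var missing []string
	for _, l := range detected {
		if !covered[l] {
			missing = append(missing, l)
		}
	}
	return missing
}

func main() {
	detected, scanned, branch := []string{"go", "ruby"}, []string{"go"}, "main"
	buggy := loadConfigLoose(repoFiles, branch, branch) // branch passed as path
	fixed, _ := loadConfigTyped(repoFiles, Branch(branch), ".github/codeql.yml")
	fmt.Println(missingScans(detected, scanned, buggy), missingScans(detected, scanned, fixed))
}
```

With the typed signature, `loadConfigTyped(repoFiles, b, b)` for a `Branch` variable `b` fails to compile, and a wrong path supplied as a literal surfaces as an error rather than as an empty exclusion list.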