Closed lauragonzalezzz closed 1 year ago
Hi @lauragonzalezzz, glad to hear you are setting up code scanning with CodeQL.
It looks like your CodeQL analysis workflow has not yet had a successful run. This is why you are still seeing Needs setup in the UI. Once the CodeQL workflow has run successfully and uploaded the first set of results to GitHub code scanning, you will no longer see Needs setup, and will instead see a link to the code scanning alerts for the repo.
As to why the workflow is failing, I see errors in your Actions logs of the form No source code found. I notice that your workflow is configured to build only the files that were changed in the PR or pushed commit. I recommend against this for the following reasons:
No source code found errors if no source code in the target language was compiled during the observed build process. As currently configured, this means your workflow will fail on each PR or push that contains no C++ changes.
Could you please try changing your workflow so that it builds all the code to be analysed, for both push and pull_request events, rather than only the changed files?
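An added example of the shape of workflow the reply above recommends; it is not part of the original thread and not the repository's actual workflow. The solution path, build configuration, branch name and runner are placeholder assumptions.

```yaml
# Added example, not the repository's own workflow.
# Values marked "placeholder" are assumptions and must be replaced.
name: CodeQL (full build)

on:
  push:
    branches: [main]          # placeholder branch
  pull_request:
    branches: [main]          # placeholder branch

permissions:
  contents: read
  security-events: write      # needed to upload results to code scanning

jobs:
  analyze:
    runs-on: windows-latest   # placeholder runner
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp

      - name: Set up MSBuild
        uses: microsoft/setup-msbuild@v2

      # Build all the code on every event, with no changed-files filter.
      # For C/C++, CodeQL analyses what is compiled during the observed
      # build between the init and analyze steps. If nothing in the
      # target language is compiled, the run ends with
      # "No source code found" and no results are uploaded.
      - name: Build all code
        # PLACEHOLDER.sln is a placeholder solution path.
        # /t:Rebuild forces compilation even when outputs already exist.
        run: msbuild PLACEHOLDER.sln /t:Rebuild /p:Configuration=Debug /p:Platform=x64

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
```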
Thank you @adityasharad this resolved my issue! :)
I've created CodeQL Analysis workflows through the Actions tab as well as by simply adding it as a .yml file to the .github directory in my repo, but my Security menu remains indicating a need for Code Scanning setup. I cannot find any way to connect them manually.
How can I get my CodeQL Analysis workflow to cooperate with GitHub Code Scanning?
The workflow: https://github.com/microsoft/Windows-driver-samples/blob/main/.github/workflows/Code-Scanning.yml
The menu: