github / codeql-cli-binaries

Binaries for the CodeQL CLI

GitHub Code Scanning does not recognize CodeQL Analysis Workflow #149

Closed lauragonzalezzz closed 1 year ago

lauragonzalezzz commented 1 year ago

I've created CodeQL Analysis workflows through the Actions tab as well as by simply adding it as a .yml file to the .github directory in my repo, but my Security menu remains indicating a need for Code Scanning setup. I cannot find any way to connect them manually.

How can I get my CodeQL Analysis workflow to cooperate with GitHub Code Scanning?

The workflow: https://github.com/microsoft/Windows-driver-samples/blob/main/.github/workflows/Code-Scanning.yml

The menu: image

adityasharad commented 1 year ago

Hi @lauragonzalezzz, glad to hear you are setting up code scanning with CodeQL.

It looks like your CodeQL analysis workflow has not yet had a successful run. This is why you are still seeing Needs setup in the UI. Once the CodeQL workflow has run successfully and uploaded the first set of results to GitHub code scanning, you will no longer see Needs setup, and will instead see a link to the code scanning alerts for the repo.

As to why the workflow is failing, I see errors in your Actions logs of the form No source code found. I notice that your workflow is configured to build only the files that were changed in the PR or pushed commit. I recommend against this for the following reasons:

Could you please try changing your workflow so that it builds all the code to be analysed, for both push and pull_request events, rather than only the changed files?

lauragonzalezzz commented 1 year ago

Thank you @adityasharad this resolved my issue! :)