githubpartners / microsoft-learn

The planning and tracking of GitHub modules on MS Learn

MS Learn Module Update Request: Identify security vulnerabilities in your codebase with CodeQL #107

Open knewbury01 opened 1 year ago

knewbury01 commented 1 year ago

For which of the MS Learn modules from the dropdown are you submitting an update request?

GitHub administration for GitHub Advanced Security

Additional information

Information about the requested update

1) In Unit 2, under the header "Download the CodeQL CLI zip package", there is a duplicated sentence across 2 sequential paragraphs: "Alternatively, you can download the codeql.zip file that contains the CLI for all supported platforms." Remove one of the sentences.

2) In Unit 2, under the header "Obtain a local copy of the CodeQL queries", the info on the Go repo should be updated: it used to be in a separate repo but has since all been moved to the same one as the other languages. There is a similar update that should be made in the module "Code scanning with GitHub CodeQL", Unit 2, under "Query Language (QL) packs", about the (now deprecated) separation of the Go repo.

3) In Unit 2, under the header "Potential CodeQL shortfalls", unsure about why it says: "Analysis of compiled languages, other than Go, will fail unless you supply explicit commands". This is false; autobuild will not always fail on compiled languages.

4) In Unit 3, under the header "Upload 3rd party SARIF results", in the sentence "Fingerprint data is included in SARIF files created by the CodeQL analysis workflow or using the CodeQL runner.", the runner is deprecated; probably ought to remove mention of it.

Chukslord1 commented 10 months ago

Hi @knewbury01,

Thank you so much for submitting this issue and we apologize for your inconvenient experience. Our team is in the process of revising and updating the MS Learn modules for GitHub Advanced Security, and we assure you that your feedback will be incorporated into the upcoming updates.