Commit 769f787

QL: Update readme with alerts and actions information
1 parent f29813b commit 769f787

1 file changed

+24
-1
lines changed

README.md

Lines changed: 24 additions & 1 deletion
@@ -1,9 +1,20 @@
11
# QL analysis support for CodeQL
22

3-
*Part of the May 2021 [code scanning hackathon](https://github.com/github/code-scanning-hackathon/issues/3).*
3+
- *Part of the May 2021 [code scanning hackathon](https://github.com/github/code-scanning-hackathon/issues/3).*
4+
- *Part of the October 2021 [code scanning hackathon](https://github.com/github/code-scanning-hackathon/issues/61).*
45

56
Under development.
67

8+
## Viewing the alerts from github/codeql and github/codeql-go
9+
10+
**TLDR: View https://github.com/github/codeql-ql/security/code-scanning?query=branch%3Anightly-changes-alerts periodically.**
11+
12+
The [`nightly-changes-alerts` branch](https://github.com/github/codeql-ql/tree/nightly-changes-alerts) contains nightly snapshots of QL related code from [github/codeql](https://github.com/github/codeql) and [github/codeql-go](https://github.com/github/codeql-go). The corresponding [code-scanning alerts](https://github.com/github/codeql-ql/security/code-scanning?query=branch%3Anightly-changes-alerts) are from the [default query suite](https://github.com/github/codeql-ql/blob/main/ql/src/codeql-suites/ql-code-scanning.qls).
13+
14+
The branch and alerts are updated every night by the [`nightly-changes.yml` workflow](https://github.com/github/codeql-ql/actions/workflows/nightly-changes.yml).
15+
16+
Ideally, the scans would happen automatically as part of the PRs. That requires more coordination, and is tracked here: https://github.com/github/codeql-coreql-team/issues/1669.
17+
718
## Building the tools from source
819

920
[Install Rust](https://www.rust-lang.org/tools/install) (if using VSCode, you may also want the `rust-analyzer` extension), then run:
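Review bot: the closing paragraph of the new "Viewing the alerts" section links the coordination issue as a bare URL ("tracked here: https://github.com/github/codeql-coreql-team/issues/1669") while every other reference in the section is a markdown link; for consistency write it as `tracked in [codeql-coreql-team#1669](https://github.com/github/codeql-coreql-team/issues/1669)`. The section also tells the reader to view the alerts periodically but says nothing about what to do when a new alert appears on the `nightly-changes-alerts` branch (fix the query in this repository, or raise an issue against github/codeql or github/codeql-go); one sentence on the expected follow-up would make the TLDR actionable rather than purely observational.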
@@ -39,3 +50,15 @@ Run
3950
```bash
4051
codeql test run <test-path> --search-path <repository-root-path>
4152
```
53+
54+
## GitHub Actions
55+
56+
In addition to the above nightly scans of the known CodeQL repositories, the following Actions are of particular interest:
57+
58+
- [`bleeding-codeql-analysis.yml`](https://github.com/github/codeql-ql/actions/workflows/bleeding-codeql-analysis.yml)
59+
- runs on all PRs, displays how alerts for the known CodeQL repositories change as consequence of the PR
60+
- the code from the known CodeQL repositories should be updated occasionally by running [`repo-tests/import-repositories.sh`](https://github.com/github/codeql-ql/blob/main/repo-tests/import-repositories.sh) locally, and creating a PR.
61+
- produces an artifact built `ql` database in
62+
- [`build.yml`](https://github.com/github/codeql-ql/actions/workflows/build.yml)
63+
- produces an artifact with the `ql` extractor and the `ql` query pack in
64+

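Review bot: two bullets in the new "GitHub Actions" section end mid-sentence: "produces an artifact built `ql` database in" and "produces an artifact with the `ql` extractor and the `ql` query pack in" both stop at "in" without saying where the artifact is found, so a reader cannot locate it; complete them, for example "produces an artifact with the built `ql` database, available under the workflow run's artifacts". The first of the two also reads as a nested bullet under `bleeding-codeql-analysis.yml` but describes a different output than the two preceding sub-bullets, so check the indentation renders as intended. Minor grammar: "change as consequence of the PR" should be "change as a consequence of the PR".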
0 commit comments
