GitHub CLI CodeQL Scan Extension to help abstract CodeQL away from users.
This installs CodeQL and this scan tool:
gh extensions install github/gh-codeql
gh extensions install advanced-security/gh-codeql-scan
gh codeql-scan --helpA couple of tips and tricks:
# Create an alias to make things even easier
alias codeql-scan="gh codeql-scan"
The main use of the script is to automatically run CodeQL in a number of modes.
# End-to-end analysis and upload results
gh codeql-scan# `init` mode: Create only the Codeql database
gh codeql-scan init --auto-detect
# or manually set language
gh codeql-scan init -l=java # `analyze` mode: Run query-suites on an existing database (auto-detects databases)
gh codeql-scan analyze# `upload` mode: Upload all SARIF files
gh codeql-scan uploadThis project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
- @GeekMasher
Support is via GitHub Issues