Skip to content

advanced-security/sample-codeql-pipeline-config

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

86 Commits

AWS CodeBuild

AWS CodeBuild

 
 

Azure Pipelines

Azure Pipelines

 
 

CircleCI

CircleCI

 
 

DroneCI

DroneCI

 
 

Jenkins

Jenkins

 
 

Tekton

Tekton

 
 

TravisCI

TravisCI

 
 

_deprecated

_deprecated

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CODEOWNERS

CODEOWNERS

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

PRIVACY.md

PRIVACY.md

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

SUPPORT.md

SUPPORT.md

 
 

Repository files navigation

Sample pipeline files for using CodeQL in popular CI/CD systems

ℹ️ This is an unofficial project created by Field Security Services, and is not officially supported by GitHub.

This repository shows how to integrate CodeQL into various CI/CD systems, using the CodeQL CLI Bundle for Automated Code Scanning, in example pipeline configuration files.

These are supplementary to the GitHub.com docs on setting up CodeQL code scanning in your CI system.

The CI/CD systems covered here are Jenkins, Azure Pipelines, CircleCI, TravisCI, AWS CodeBuild and DroneCI.

GitHub Actions is natively supported by GitHub Advanced Security, so use the instructions in the GitHub.com docs to set up CodeQL for your repository.

For each CI/CD system a template is provided for both Windows and Linux.

There are examples/guidance for:

  1. automatic builds for compiled languages using the AutoBuilder (with no --command flag)
  2. manual builds for compiled languages with a --command flag
  3. analysis of interpreted languages (which don't need a build)
  4. (for Azure and Jenkins) an advanced example using indirect build tracing ("sandwich mode") wrapped around manually specified build commands

ℹ️ This is an unofficial project created by Field Security Services, and is not officially supported by GitHub.

Requirements

ℹ️ You must be using GitHub Advanced Security to use these pipeline files. If you are not using GitHub Advanced Security, please see the GitHub Advanced Security website for more information.

  1. A CI/CD pipeline using one of:
    • AWS CodeBuild
    • Azure Pipelines
    • CircleCI
    • DroneCI
    • Jenkins
    • TravisCI
  2. The CodeQL Bundle installed in the CI/CD pipeline
  3. GitHub PAT to push results back to GitHub Advanced Security

Usage

  1. Download and install the CodeQL Bundle in your CI system, testing that it works
  2. Copy the relevant pipeline file from this repository into your repository
  3. Update the pipeline file with your required settings

License

This project is licensed under the terms of the MIT open source license. Please refer to the LICENSE for the full terms.

Maintainers

See CODEOWNERS for the list of maintainers.

Support

See the SUPPORT file.

Background

See the CHANGELOG, CONTRIBUTING, SECURITY, SUPPORT, CODE OF CONDUCT and PRIVACY files for more information.

About

Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

12 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6