
Commit a748bf7

Line edits
1 parent 08abd69 commit a748bf7

11 files changed: +40 -38 lines changed

learn-pr/github/code-scanning-with-github-codeql/includes/1-introduction.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
Code scanning using CodeQL provides an extensible method to automate vulnerability scanning across your organizations GitHub repositories. It's important to understand how the tool works and what its features are so as to best implement code scanning to meet your code's security needs. You'll also need to understand the various configuration options and how to implement and maintain a code-scanning pipeline in order to configure and deploy code scanning correctly.
1+
Code scanning using CodeQL provides an extensible method to automate vulnerability scanning across your organization's GitHub repositories. It's important to understand how the tool works and what its features are so as to best implement code scanning to meet your code's security needs. You'll also need to understand the various configuration options and how to implement and maintain a code-scanning pipeline in order to configure and deploy code scanning correctly.
22

33
In this module, we review the CodeQL static-analysis tool and how the code-scanning feature in GitHub uses it to automate vulnerability scanning. We also learn how to customize a code scanning workflow that uses CodeQL, how to include additional queries, and how to adapt your workflow to repositories that have multiple languages.
44

learn-pr/github/code-scanning-with-github-codeql/includes/11-exercise-configure-language-matrix.md

Lines changed: 2 additions & 2 deletions
@@ -17,8 +17,8 @@ This exercise is a challenge based on content covered in this module. It may tak
1717
When you've finished the exercise in GitHub, return here for:
1818
1919
> [!div class="checklist"]
20-
> * A summary of what you've learned
21-
> * A badge for completing this module
20+
> - A summary of what you've learned
21+
> - A badge for completing this module
2222
2323
2424
> [!div class="nextstepaction"]
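Review bot: changing the bullet marker from `*` to `-` on lines 20 and 21 makes this checklist inconsistent with the rest of the module, which uses `*` for list items (see the hunks in 12-summary.md, 2-what-is-codeql.md, 4-what-is-ql.md and 6-customize-your-scanning-workflow-with-codeql.md in this same commit). Either keep `*` here or convert the other files in the same change so one marker is used throughout.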

learn-pr/github/code-scanning-with-github-codeql/includes/12-summary.md

Lines changed: 2 additions & 2 deletions
@@ -1,10 +1,10 @@
11
In this module, we learned:
22

3-
* Code scanning with CodeQL can be customized using the advanced setup workflow file that specifies the location of queries, which languages to analyze, and whether they should be built with autobuild, or manual build steps.
3+
* Code scanning with CodeQL can be customized using the advanced setup workflow file that specifies the location of queries, which languages to analyze, and whether they should be built with autobuild or manual build steps.
44
* GitHub supports integration of third party scanning and alerting tools in the code scanning process.
55
* CodeQL has a CLI that allows you to create and analyze databases offline and then upload the results to GitHub using a SARIF file.
66

7-
Without using GitHub code scanning with CodeQL, it would be difficult to automate both the scanning of your code, and generating pull requests to fix the vulnerable code. In addition, CodeQL provides an extensive, growing library of queries in multiple languages that help you create more secure code with little engineering effort.
7+
Without using GitHub code scanning with CodeQL, it would be difficult to automate both the scanning of your code and generating pull requests to fix the vulnerable code. In addition, CodeQL provides an extensive, growing library of queries in multiple languages that help you create more secure code with little engineering effort.
88

99
## References
1010
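Review bot: the context on line 4, "third party scanning and alerting tools", should read "third-party scanning and alerting tools", since it is a compound modifier; as this commit is a copyedit pass it is worth fixing here. The two comma removals on lines 3 and 7 are correct.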

learn-pr/github/code-scanning-with-github-codeql/includes/2-what-is-codeql.md

Lines changed: 7 additions & 7 deletions
@@ -6,13 +6,13 @@ In this unit, you'll learn about the CodeQL static analysis tool and how it uses
66

77
## Variant analysis
88

9-
Variant analysis is the process of using a known security vulnerability as a seed to find similar problems in your code. Its a technique that security engineers use to identify potential vulnerabilities and ensure these threats are properly fixed across multiple codebases.
9+
Variant analysis is the process of using a known security vulnerability as a seed to find similar problems in your code. It's a technique that security engineers use to identify potential vulnerabilities and ensure these threats are properly fixed across multiple codebases.
1010

1111
Querying code using CodeQL is the most efficient way to perform variant analysis. You can use the standard CodeQL queries to identify seed vulnerabilities, or find new vulnerabilities by writing your own custom CodeQL queries. Then, you can develop or iterate over the query to automatically find logical variants of the same bug that could be missed using traditional manual techniques.
1212

1313
## CodeQL databases
1414

15-
CodeQL databases contain queryable data extracted from a codebase, for a single language at a particular point in time. The database contains a full, hierarchical representation of the code, including a representation of the abstract syntax tree, the data-flow graph, and the control-flow graph.
15+
CodeQL databases contain queryable data extracted from a codebase for a single language at a particular point in time. The database contains a full, hierarchical representation of the code, including a representation of the abstract syntax tree, the data-flow graph, and the control-flow graph.
1616

1717
Each language has its own unique database schema that defines the relations used to create a database. The schema provides an interface between the initial lexical analysis performed during the extraction process and the actual complex analysis of the CodeQL query evaluator. The schema specifies, for instance, that there's a table for every language construct.
1818

@@ -27,7 +27,7 @@ The CodeQL library defines classes to provide a layer of abstraction over each o
2727

2828
## Query suites
2929

30-
CodeQL query suites provide a way of selecting queries, based on their filename, location on disk or in a QL pack, or metadata properties. Create query suites for the queries that you want to frequently use in your CodeQL analyses.
30+
CodeQL query suites provide a way of selecting queries based on their filename, metadata properties, or location on disk or in a QL pack. Create query suites for the queries that you want to frequently use in your CodeQL analyses.
3131

3232
Query suites allow you to pass multiple queries to CodeQL without having to specify the path to each query file individually. Query suite definitions are stored in YAML files with the extension `.qls`. A suite definition is a sequence of instructions where each instruction is a YAML mapping with (usually) a single key. The instructions are executed in the order they appear in the query suite definition. After all the instructions in the suite definition have been executed, the result is a set of selected queries.
3333

@@ -36,9 +36,9 @@ Query suites allow you to pass multiple queries to CodeQL without having to spec
3636
There are two built-in query suites for CodeQL:
3737

3838
* `default`: These are the queries run by default in CodeQL code scanning on GitHub, available with the default setup of code scanning. The queries in this query suite are highly precise and return few false positive code scanning results. Relative to the `security-extended` query suite, the default suite returns fewer low-confidence code scanning results.
39-
* `security-extended`: This suite contains all of the queries from the `default` suite, plus extra security queries with slightly lower precision and severity. It is available with the default setup of code scanning and is listed as the "Extended" option in the query suites dropdown. Relative to the `default` query suite, this suite may return a greater number of false positive code scanning results.
39+
* `security-extended`: This suite contains all of the queries from the `default` suite, plus extra security queries with slightly lower precision and severity. It's available with the default setup of code scanning and is listed as the "Extended" option in the query suites dropdown. Relative to the `default` query suite, this suite may return a greater number of false positive code scanning results.
4040

41-
The default setup of code scanning will use the `default` query suite. This can be changed by selecting the overflow icon to view the CodeQL configuration and then selecting to the edit button. Under "Scan settings" you may choose one of the above two options as the query suite.
41+
The default setup of code scanning will use the `default` query suite. This can be changed by selecting the overflow icon to view the CodeQL configuration, and then selecting to the edit button. Under "Scan settings," you may choose one of the above two options as the query suite.
4242

4343
## CodeQL packs
4444
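Review bot: line 41 still reads "and then selecting to the edit button" in both the old and the new text; the stray "to" should be dropped ("and then selecting the edit button"). In the same line, "The default setup of code scanning will use the `default` query suite" could be "uses", matching the present tense used for the rest of this unit.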

@@ -52,11 +52,11 @@ There are three types of CodeQL packs: query packs, library packs, and model pac
5252

5353
### CodeQL pack structure
5454

55-
The CodeQL CLI can be used to being developing and publishing a pack using the `pack init` command. This command will create the directory structure and files required, including the main file called `qlpack.yml` in its root directory. The metadata in each `qlpack.yml` file tells CodeQL how to compile any queries in the pack, what libraries the pack depends on, and where to find query suite definitions.
55+
The CodeQL CLI can be used to develop and publish a pack using the `pack init` command. This command will create the directory structure and files required, including the main file called `qlpack.yml` in its root directory. The metadata in each `qlpack.yml` file tells CodeQL how to compile any queries in the pack, what libraries the pack depends on, and where to find query suite definitions.
5656

5757
The contents of the CodeQL pack (queries or libraries used in CodeQL analysis) is included in the same directory as `qlpack.yml`, or its subdirectories.
5858

59-
The directory containing the qlpack.yml file serves as the root directory for the content of the CodeQL pack. That is, for all `.ql` and `.qll`s files in the pack, CodeQL will resolve all import statements relative to the directory containing the qlpack.yml file at the packs root.
59+
The directory containing the qlpack.yml file serves as the root directory for the content of the CodeQL pack. That is, for all `.ql` and `.qll`s files in the pack, CodeQL will resolve all import statements relative to the directory containing the qlpack.yml file at the pack's root.
6060

6161
Here's an example `qlpack.yml` file:
6262
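Review bot: line 59 still reads "for all `.ql` and `.qll`s files in the pack" in both versions; the stray "s" after the closing backtick should go ("`.ql` and `.qll` files"). In the same line, "qlpack.yml" appears twice without code formatting while lines 55, 57 and 61 use `qlpack.yml`; format it consistently. Line 57, "The contents of the CodeQL pack ... is included", also needs "are included" to agree with "contents".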

learn-pr/github/code-scanning-with-github-codeql/includes/3-how-does-codeql-analyze-code.md

Lines changed: 4 additions & 4 deletions
@@ -2,7 +2,7 @@ Implementing code scanning with CodeQL requires an understanding of how the tool
22

33
CodeQL analysis consists of three steps:
44

5-
1. Preparing the code, by creating a CodeQL database.
5+
1. Preparing the code by creating a CodeQL database.
66
2. Running CodeQL queries against the database.
77
3. Interpreting the query results.
88

@@ -22,16 +22,16 @@ After extraction, all the data required for analysis (relational data, copied so
2222

2323
## Query execution
2424

25-
After youve created a CodeQL database, one or more queries are executed against it. CodeQL queries are written in a specially designed object-oriented query language called QL.
25+
After you've created a CodeQL database, one or more queries are executed against it. CodeQL queries are written in a specially designed object-oriented query language called QL.
2626

27-
You can run the queries checked out from the CodeQL repo (or custom queries that youve written yourself) using the CodeQL for VS Code extension or the CodeQL CLI.
27+
You can run the queries checked out from the CodeQL repo (or custom queries that you've written yourself) using the CodeQL for VS Code extension or the CodeQL CLI.
2828

2929
## Query results
3030

3131
The final step converts results produced during query execution into a form that's more meaningful in the context of the source code, meaning that the results are interpreted in a way that highlights the potential issue that the queries are designed to find.
3232

3333
:::image type="content" source="../media/codeql-query-results.png" alt-text="Screenshot of CodeQL query results.":::
3434

35-
Queries contain metadata properties that indicate how the results should be interpreted. For instance, some queries display a simple message at a single location in the code. Others display a series of locations that represent steps along a data-flow or control-flow path, along with a message explaining the significance of the result. Queries that dont have metadata are not interpreted; their results are output as a table and not displayed in the source code.
35+
Queries contain metadata properties that indicate how the results should be interpreted. For instance, some queries display a simple message at a single location in the code. Others display a series of locations that represent steps along a data-flow or control-flow path, along with a message explaining the significance of the result. Queries that don't have metadata are not interpreted; their results are output as a table and not displayed in the source code.
3636

3737
Following interpretation, results are output for code review and triaging. In CodeQL for Visual Studio Code, interpreted query results are automatically displayed in the source code. You can output results generated by the CodeQL CLI into a number of different formats for use with different tools.

learn-pr/github/code-scanning-with-github-codeql/includes/4-what-is-ql.md

Lines changed: 4 additions & 4 deletions
@@ -12,7 +12,7 @@ In this unit, you'll learn about the basic features of the QL programming langua
1212

1313
## The QL syntax
1414

15-
The syntax of QL is similar to SQL, but the semantics of QL are based on Datalog, a declarative logic programming language often used as a query language. This makes QL primarily a logic language, and all operations in QL are logical operations. Furthermore, QL inherits recursive predicates from Datalog and adds support for aggregates, making even complex queries concise and simple. For example, consider a database containing parent-child relationships for people. If you want to find the number of descendants of a person, typically you would:
15+
The syntax of QL is similar to SQL. However, the semantics of QL are based on Datalog, a declarative logic programming language often used as a query language. This makes QL primarily a logic language, and all operations in QL are logical operations. Furthermore, QL inherits recursive predicates from Datalog and adds support for aggregates, making even complex queries concise and simple. For example, consider a database containing parent-child relationships for people. If you want to find the number of descendants of a person, typically you'd:
1616

1717
1. Find a descendant of the given person; that is, a child or a descendant of a child.
1818
2. Count the number of descendants found using the previous step.
@@ -32,14 +32,14 @@ int getNumberOfDescendants(Person p) {
3232

3333
## Object orientation
3434

35-
Object orientation is an important feature of QL. The benefits of object orientation are well-known: it increases modularity, enables information hiding, and allows code reuse. QL offers all these benefits without compromising on its logical foundation. This is achieved by defining a simple object model where classes are modeled as predicates and inheritance as implication. The libraries made available for all supported languages make extensive use of classes and inheritance.
35+
Object orientation is an important feature of QL. The benefits of object orientation are well-known. It increases modularity, enables information hiding, and allows code reuse. QL offers all these benefits without compromising on its logical foundation. This is achieved by defining a simple object model where classes are modeled as predicates and inheritance as implication. The libraries made available for all supported languages make extensive use of classes and inheritance.
3636

3737
## QL and general purpose programming languages
3838

3939
Here are a few prominent conceptual and functional differences between general purpose programming languages and QL:
4040

4141
* QL does not have any imperative features such as assignments to variables or file system operations.
42-
* QL operates on sets of tuples and a query can be viewed as a complex sequence of set operations that defines the result of the query.
43-
* QLs set-based semantics makes it very natural to process collections of values without having to worry about efficiently storing, indexing and traversing them.
42+
* QL operates on sets of tuples, and a query can be viewed as a complex sequence of set operations that defines the result of the query.
43+
* QL's set-based semantics makes it very natural to process collections of values without having to worry about efficiently storing, indexing, and traversing them.
4444

4545
In object-oriented programming languages, instantiating a class involves creating an object by allocating physical memory to hold the state of that instance of the class. In QL, classes are just logical properties describing sets of already existing values.
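Review bot: the heading on line 37 and the sentence on line 39 use "general purpose programming languages"; as a compound modifier it should be "general-purpose". On line 41, "QL does not have" is left uncontracted while the rest of this commit contracts ("It's", "you'd", "QL's"); use "doesn't" for consistency. The added Oxford comma on line 43 and the comma before "and" on line 42 are correct.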

learn-pr/github/code-scanning-with-github-codeql/includes/5-code-scanning-codeql.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ Depending on which tool you want to use for analysis and how you want to generat
44
* Use advanced setup to add the CodeQL workflow to your repository. This generates a customizable workflow file which uses the github/codeql-action to run the CodeQL CLI. For more information, see "Configuring advanced setup for code scanning."
55
* Run the CodeQL CLI directly in an external CI system and upload the results to GitHub. For more information, see "Using code scanning with your existing CI system."<sup>[2]</sup>
66

7-
Previously, we learned about getting started with the default setup and configurations. Now you'll learn how to set up code scanning with the advanced setup, as well as how to perform bulk setup of a code scanning workflow for multiple repositories.
7+
Previously, we learned about getting started with the default setup and configurations. Now, you'll learn how to set up code scanning with the advanced setup, as well as how to perform bulk setup of a code scanning workflow for multiple repositories.
88

99
## Code scanning with GitHub Actions and CodeQL
1010
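Review bot: the context on line 4 reads "a customizable workflow file which uses the github/codeql-action"; a restrictive clause should use "that uses", and `github/codeql-action` should be code-formatted as it is on line 30 of 6-customize-your-scanning-workflow-with-codeql.md in this commit. The comma added after "Now" on line 7 is fine but optional.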

learn-pr/github/code-scanning-with-github-codeql/includes/6-customize-your-scanning-workflow-with-codeql.md

Lines changed: 5 additions & 5 deletions
@@ -2,7 +2,7 @@ Code scanning workflows that use CodeQL have various configuration options you c
22

33
When you use CodeQL to scan code, the CodeQL analysis engine generates a database from the code and runs queries on it. CodeQL analysis uses a default set of queries, but you can specify more queries to run in addition to the default queries.
44

5-
You can run extra queries if they're part of a CodeQL pack (beta) published to the GitHub Container registry or a QL pack stored in a repository.
5+
You can run extra queries if they're part of a CodeQL pack (beta) published to the GitHub Container registry, or a QL pack stored in a repository.
66

77
There are two options for specifying which queries you want to run with CodeQL code scanning:
88
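Review bot: the comma added on line 5 before "or a QL pack stored in a repository" splits two objects of the same phrase ("part of a CodeQL pack ... or a QL pack ..."); no comma is needed for a two-item alternative, so the previous wording was correct. Suggest reverting this one.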

@@ -30,10 +30,10 @@ We don't recommend referencing query suites directly from the `github/codeql` re
3030
To add one or more CodeQL query packs (beta), add a `with: packs:` entry within the `uses: github/codeql-action/init@v1` section of the workflow. Within packs, you can specify one or more packages to use and, optionally, which version to download. Where you don't specify a version, the latest version is downloaded. If you want to use packages that aren't publicly available, you need to set the `GITHUB_TOKEN` environment variable to a secret that has access to the packages.
3131

3232
In the following example, scope is the organization or personal account that published the package. When the workflow runs, the three CodeQL query packs download from GitHub and the default queries or query suite for each pack run. In the below example, each of the packs in the list will download based on their specifications:
33-
* The latest version of `pack1` is downloaded and all default queries are run.
34-
* Version 1.2.3 of `pack2` is downloaded and all default queries are run.
35-
* The latest version of `pack3` that is compatible with version 3.2.1 is downloaded and all queries are run.
36-
* Version 4.5.6 of `pack4` is downloaded and only the queries found in path/to/queries are run.
33+
* The latest version of `pack1` is downloaded, and all default queries are run.
34+
* Version 1.2.3 of `pack2` is downloaded, and all default queries are run.
35+
* The latest version of `pack3` that is compatible with version 3.2.1 is downloaded, and all queries are run.
36+
* Version 4.5.6 of `pack4` is downloaded, and only the queries found in path/to/queries are run.
3737

3838
```yml
3939
- uses: github/codeql-action/init@v3
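Review bot: line 32 says "the three CodeQL query packs download from GitHub", but the list on lines 33 to 36 describes four packs (`pack1` through `pack4`); fix the count. Line 30 tells the reader to add `packs:` under `uses: github/codeql-action/init@v1`, while the example on line 39 uses `github/codeql-action/init@v3`; align the version in the prose with the example. Line 32 also says "In the following example" and then "In the below example" in consecutive sentences; drop one. The added commas before "and" on lines 33 to 36 are correct since each joins two independent clauses, and `path/to/queries` on line 36 should be code-formatted like the pack names.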
