You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update `README.md` to include detailed information about inputs, workflow permissions, build modes, and actions.
* **Inputs**: Add a section on inputs, including the `config` option, `languages`, `queries`, `packs`, `db-location`, `ram`, `threads`, and `source-root`.
* **Workflow Permissions**: Add a section on workflow permissions required for the actions.
* **Build Modes**: Add a section explaining the different build modes available for the actions (`none`, `autobuild`, `manual`).
* **Actions**: Add a section describing the different actions (`init`, `autobuild`, `analyze`, `upload-sarif`, `resolve-environment`, `start-proxy`) and how to use them, with links to the relevant documentation on GitHub.
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/github/codeql-action?shareId=XXXX-XXXX-XXXX-XXXX).
Copy file name to clipboardExpand all lines: README.md
+33-1Lines changed: 33 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,10 +16,42 @@ We recommend using default setup to configure CodeQL analysis for your repositor
16
16
17
17
You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
18
18
19
-
### Permissions
19
+
### Inputs
20
+
21
+
The CodeQL Action supports various inputs to customize the analysis. Here are some important inputs:
22
+
23
+
-`config`: Path of the config file to use. This input allows you to specify a custom configuration file for the analysis.
24
+
-`languages`: A comma-separated list of CodeQL languages to analyze.
25
+
-`queries`: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
26
+
-`packs`: Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not specified, then the latest version of the pack is used. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of packs.
27
+
-`db-location`: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
28
+
-`ram`: The amount of memory in MB that can be used by CodeQL extractors.
29
+
-`threads`: The number of threads that can be used by CodeQL extractors.
30
+
-`source-root`: Path of the root source code directory, relative to $GITHUB_WORKSPACE.
31
+
32
+
### Workflow Permissions
20
33
21
34
All advanced setup code scanning workflows must have the `security-events: write` permission. Workflows in private repositories must additionally have the `contents: read` permission. For more information, see "[Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)."
22
35
36
+
### Build Modes
37
+
38
+
The CodeQL Action supports different build modes for analyzing the source code. The available build modes are:
39
+
40
+
-`none`: The database will be created without building the source code. Available for all interpreted languages and some compiled languages.
41
+
-`autobuild`: The database will be created by attempting to automatically build the source code. Available for all compiled languages.
42
+
-`manual`: The database will be created by building the source code using a manually specified build command. To use this build mode, specify manual build steps in your workflow between the `init` and `analyze` steps. Available for all compiled languages.
43
+
44
+
### Actions
45
+
46
+
The CodeQL Action includes several actions that can be used in your workflows. Here are the available actions and how to use them:
47
+
48
+
-`init`: Sets up CodeQL for analysis. For more information, see the [init action documentation](https://github.com/github/codeql-action/blob/main/init/action.yml).
49
+
-`autobuild`: Attempts to automatically build the code. For more information, see the [autobuild action documentation](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
50
+
-`analyze`: Finalizes the CodeQL database and runs the analysis. For more information, see the [analyze action documentation](https://github.com/github/codeql-action/blob/main/analyze/action.yml).
51
+
-`upload-sarif`: Uploads a SARIF file to Code Scanning. For more information, see the [upload-sarif action documentation](https://github.com/github/codeql-action/blob/main/upload-sarif/action.yml).
52
+
-`resolve-environment`: Attempts to infer a build environment suitable for automatic builds. For more information, see the [resolve-environment action documentation](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
53
+
-`start-proxy`: Starts an HTTP proxy server. For more information, see the [start-proxy action documentation](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
54
+
23
55
## Supported versions of the CodeQL Action
24
56
25
57
The following versions of the CodeQL Action are currently supported:
0 commit comments