|
1 | 1 | # Ruby analysis support for CodeQL
|
2 | 2 |
|
3 |
| -Under development. |
| 3 | +This open-source repository contains the extractor, CodeQL libraries, and queries that power Ruby |
| 4 | +support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) |
| 5 | +makes available to its customers worldwide. |
| 6 | + |
| 7 | +It contains two major components: |
| 8 | + - an extractor, written in Rust, that parses Ruby source code and converts it into a database |
| 9 | + that can be queried using CodeQL. |
| 10 | + - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be |
| 11 | + used to analyze such a database to find coding mistakes or security vulnerabilities. |
| 12 | + |
| 13 | +The goal of this project is to provide comprehensive static analysis support for Ruby in CodeQL. |
| 14 | + |
| 15 | +For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL |
| 16 | +repository](https://github.com/github/codeql). |
| 17 | + |
| 18 | +## Installation |
| 19 | + |
| 20 | +Simply clone this repository. There are no external dependencies. |
| 21 | + |
| 22 | +If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS |
| 23 | +Code workspace. |
| 24 | + |
| 25 | +## Usage |
| 26 | + |
| 27 | +To analyze a Ruby codebase, either use the [CodeQL command-line |
| 28 | +interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or |
| 29 | +download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the |
| 30 | +queries contained in this repository either on the command line or using the VS Code extension. |
| 31 | + |
| 32 | +Note that the [lgtm.com](https://github.com/github/codeql-ruby/tree/lgtm.com) branch of this |
| 33 | +repository corresponds to the version of the queries that is currently deployed on LGTM.com. |
| 34 | +The [main](https://github.com/github/codeql-ruby/tree/main) branch may contain changes that |
| 35 | +have not been deployed yet, so you may need to upgrade databases downloaded from [LGTM.com](https://lgtm.com) before |
| 36 | +running queries on them. |
| 37 | + |
| 38 | +## Contributions |
| 39 | + |
| 40 | +Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our |
| 41 | +[code of conduct](CODE_OF_CONDUCT.md) for details on how to participate in our community. |
| 42 | + |
| 43 | +## Licensing |
| 44 | + |
| 45 | +The code in this repository is licensed under the [MIT license](LICENSE). |
| 46 | + |
| 47 | +## Resources |
| 48 | + |
| 49 | +- [Writing CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/) |
| 50 | +- [CodeQL documentation](https://codeql.github.com/docs/) |
| 51 | + |
| 52 | +# Developer information |
4 | 53 |
|
5 | 54 | ## Building the tools from source
|
6 | 55 |
|
|
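Review bot: The Installation text at new line 20, "Simply clone this repository. There are no external dependencies.", conflicts with the rest of this README: new line 8 describes the extractor as written in Rust, and the retained "Building the tools from source" section follows at new line 54. Suggest scoping the claim to using the queries and libraries, and pointing readers who need the extractor to the build section for what it requires. Separately, new lines 34-36 say databases downloaded from LGTM.com may need upgrading before queries from main are run on them, but give no command or link for doing so; a pointer to the relevant CodeQL CLI documentation would close that gap. As a style point, the added "# Developer information" at new line 52 is a second top-level heading below the title on line 1; making it "##" and demoting the build section to "###" would keep a single H1.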