
Commit 46fbb2a

Merge pull request github#6334 from github/security-severity-docs
Update CodeQL docs for security-severity levels
2 parents 890adf9 + a365d4f commit 46fbb2a


2 files changed

+5
-2
lines changed


docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst

Lines changed: 3 additions & 1 deletion
@@ -45,10 +45,12 @@ The following properties are supported by all query files:
4545
| | | ``high`` | |
4646
| | | ``very-high`` | |
4747
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
48-
| ``@problem.severity`` | | ``error`` | Defines the level of severity of any alerts generated by the query. This, along with the ``@precision`` property, determines whether the results are displayed by default on LGTM. |
48+
| ``@problem.severity`` | | ``error`` | Defines the level of severity of any alerts generated by a non-security query. This, along with the ``@precision`` property, determines whether the results are displayed by default on LGTM. |
4949
| | | ``warning`` | |
5050
| | | ``recommendation`` | |
5151
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
52+
| ``@security-severity``| ``<score>`` | Defines the level of severity, between 0.0 and 10.0, for queries with `@tags security`. For more information about calculating `@security-severity`, see the [GitHub changelog](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/). |
53+
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
5254

5355
Additional properties for filter queries
5456
----------------------------------------
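Review bot: the new ``@security-severity`` row mixes Markdown into a reStructuredText file. The single backticks around `@tags security` and `@security-severity` are interpreted text in RST, not inline literals like the ``error``/``warning`` values in the neighbouring rows, and `[GitHub changelog](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/)` will render as literal brackets rather than a link. Use double backticks for both literals and an RST hyperlink of the form `GitHub changelog <https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/>`_. Since this is a grid table, also confirm that the ``<score>`` and description cells of the added row line up exactly with the `+---+` separators above and below it, otherwise the whole table fails to parse.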

docs/query-metadata-style-guide.md

Lines changed: 2 additions & 1 deletion
@@ -115,10 +115,11 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties
115115
* `medium`
116116
* `high`
117117
* `very-high`
118-
* `@problem.severity`–defines the level of severity of the alert:
118+
* `@problem.severity`–defines the level of severity of non-security alerts:
119119
* `error`–an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability.
120120
* `warning`–an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed.
121121
* `recommendation`–an issue where the code behaves correctly, but it could be improved.
122+
* `@security-severity`-defines the level of severity, between 0.0 and 10.0, for queries with `@tags security`. For more information about calculating `@security-severity`, see the [GitHub changelog](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/).
122123

123124
The values of `@precision` and `@problem.severity` assigned to a query that is part of the standard set determine how the results are displayed by LGTM. See [About alerts](https://help.semmle.com/lgtm-enterprise/user/help/about-alerts.html) and [Alert interest](https://lgtm.com/help/lgtm/alert-interest) for further information. For information about using custom queries in LGTM on a 'per-project' basis, see [Writing custom queries to include in LGTM analysis](https://lgtm.com/help/lgtm/writing-custom-queries) and [About adding custom queries](https://help.semmle.com/lgtm-enterprise/admin/help/about-adding-custom-queries.html).
124125
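Review bot: the separator in the added `@security-severity` bullet is a plain hyphen while the sibling entries (`@problem.severity`–defines…, `error`–an issue…) use an en dash; match the existing style. Two unchanged lines also now sit awkwardly with this change: the `error` bullet still gives "a crash or vulnerability" as its example although the list heading now scopes `@problem.severity` to non-security alerts, and the closing paragraph says only `@precision` and `@problem.severity` determine how results are displayed, with no mention of `@security-severity` for queries tagged `@tags security`. Consider dropping "vulnerability" from the `error` example and adding a sentence to the final paragraph that points security queries at `@security-severity`.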
