{"id":13809709,"url":"https://github.com/advanced-security/gh-codeql-scan","last_synced_at":"2025-09-16T17:29:54.145Z","repository":{"id":114871976,"uuid":"523034041","full_name":"advanced-security/gh-codeql-scan","owner":"advanced-security","description":"GH CLI CodeQL Scan Extension","archived":false,"fork":false,"pushed_at":"2024-10-10T10:51:03.000Z","size":50,"stargazers_count":19,"open_issues_count":1,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-28T17:44:45.495Z","etag":null,"topics":["codeql","gh-extension","ghas"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/advanced-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null}},"created_at":"2022-08-09T16:48:58.000Z","updated_at":"2024-12-31T23:19:11.000Z","dependencies_parsed_at":"2023-04-10T17:02:35.396Z","dependency_job_id":null,"html_url":"https://github.com/advanced-security/gh-codeql-scan","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/advanced-security/gh-codeql-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fgh-codeql-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fgh-codeql-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fgh-codeql-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fgh-codeql-scan/manifests","owner_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/owners/advanced-security","download_url":"https://codeload.github.com/advanced-security/gh-codeql-scan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/advanced-security%2Fgh-codeql-scan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265431548,"owners_count":23764031,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codeql","gh-extension","ghas"],"created_at":"2024-08-04T02:00:34.747Z","updated_at":"2025-09-16T17:29:49.085Z","avatar_url":"https://github.com/advanced-security.png","language":"Shell","readme":"\u003c!-- markdownlint-disable --\u003e\n\u003cdiv align=\"center\"\u003e\n\n\u003ch1\u003egh-codeql-scan\u003c/h1\u003e\n\n[![GitHub](https://img.shields.io/badge/github-%23121011.svg?style=for-the-badge\u0026logo=github\u0026logoColor=white)][github]\n[![GitHub Issues](https://img.shields.io/github/issues/advanced-security/gh-codeql-scan?style=for-the-badge)][github-issues]\n[![GitHub Stars](https://img.shields.io/github/stars/advanced-security/gh-codeql-scan?style=for-the-badge)][github]\n[![License](https://img.shields.io/github/license/advanced-security/gh-codeql-scan?style=for-the-badge)][license]\n\n\u003c/div\u003e\n\u003c!-- markdownlint-restore --\u003e\n\n[GitHub CLI CodeQL Scan Extension][github] to help abstract [CodeQL][codeql] away from users.\n\n\u003cdetails\u003e\n\u003csummary\u003eMotivation\u003c/summary\u003e\n\nThis project was created to make the lives of users that use CodeQL simpler.\nCodeQL outside of GitHub Actions 
can be complicated, but this project's aim is to make it as simple as possible.\n\n\u003c/details\u003e\n\n## Requirements\n\n- [GitHub CLI](https://cli.github.com/)\n- [CodeQL GH Extension][gh-codeql] (optional)\n\n## Install and Setup\n\nThis installs CodeQL and this scan tool:\n\n```bash\ngh extensions install github/gh-codeql\ngh extensions install advanced-security/gh-codeql-scan\n\ngh codeql-scan --help\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eCLI Help\u003c/summary\u003e\n\n\u003cpre\u003e\nGitHub CodeQL Scan tool\n\ngh codeql-scan {MODE} {ARGS}\n\n# Modes\n\ngh codeql-scan              # default: \"scan\"\ngh codeql-scan init         # initialise the scan\ngh codeql-scan analyze      # run the analysis\ngh codeql-scan upload       # upload present SARIF files\ngh codeql-scan scan         # full end-to-end scan\n\n# Arguments\n\n\u003e All arguments can be set with environment variables\n\n-h|--help               # Print help\n--debug                 # Enable debugging\n\n-r=*|--repo=*           # GitHub Repository (OWNER/NAME)\n-i=*|--instance=*       # GitHub Instance (github.com or Enterprise Server)\n\n-l=*|--language=*       # Set language to scan\n--auto-detect           # Auto-detect languages\n\n-s=*|--suite=*          # Query Suite to use\n-d=*|--databases=*      # Location of the databases to store\n-b=*|--binary=*         # Path to the CodeQL Binary\n-w=*|--workspace=*      # Workspace for the source code\n\n-c=*|--command=*        # Set the build command (compiled languages)\n-m=*|--mode=*           # Build mode (autobuild | none)\n--buildless             # Enable buildless / build mode none\n\n--view-in-vscode        # Auto-open the results in VSCode\n\n--disable-tracing       # Disable Build Tracing\n--disable-trap-caching  # Disable Trap file caching\n--disable-upload        # Disable Uploading SARIF to GitHub\n--disable-banner        # Disable printing banner\n\u003c/pre\u003e\n\n\u003c/details\u003e\n\n### Alias / Stub\n\nA couple 
of tips and tricks:\n\n```bash\n# Create an alias to make things even easier\nalias codeql-scan=\"gh codeql-scan\"\n```\n\n## Usage\n\nThe main use of the script is to automatically run CodeQL in a number of modes.\n\n```bash\n# End-to-end analysis and upload results\ngh codeql-scan\n```\n\n#### Initialise with language\n\nAutomatically detect languages or manually set the language to create an initial CodeQL database.\n\n```bash\ngh codeql-scan init --auto-detect\n# or manually set language\ngh codeql-scan init -l=java\n```\n\n#### Scan without build\n\nThis will scan your code in build mode `none`.\n\n```bash\ngh codeql-scan -m=\"none\"\n# or simply\ngh codeql-scan --buildless\n```\n\n#### Scan with Build Command\n\nPass in the build command for a compiled language and it will be run along with CodeQL.\n\n```bash\ngh codeql-scan -c=\"mvn build ...\"\n```\n\n#### Indirect build tracing\n\nFor compiled languages with a complicated build process, use indirect build tracing:\n\n```bash\ngh codeql-scan init\necho \"password=$password\" \u003e settings.xml\nmvn build --random-custom=flags\ngh codeql-scan analyze\n```\n\n#### Running analysis\n\nRun query suites on an existing database (databases are auto-detected):\n\n```bash\ngh codeql-scan analyze\n```\n\n#### Uploading results to GitHub\n\nThe `upload` mode will upload all SARIF files for you to a repository:\n\n```bash\ngh codeql-scan upload\n```\n\n## Maintainers\n\n- @GeekMasher\n\n## Support / Maintenance\n\nSupport is via [GitHub Issues][github-issues].\n\n## License\n\nThis project is licensed under the terms of the MIT open source license.\nPlease refer to [MIT][license] for the full terms.\n\n\u003c!-- Resources --\u003e\n\n[license]: ./LICENSE\n[github]: https://github.com/advanced-security/gh-codeql-scan\n[github-issues]: https://github.com/advanced-security/gh-codeql-scan/issues\n[codeql]: https://codeql.github.com/\n[gh-codeql]: https://github.com/github/gh-codeql\n\n","funding_links":[],"categories":["CodeQL CLI 
Tooling"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fgh-codeql-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadvanced-security%2Fgh-codeql-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadvanced-security%2Fgh-codeql-scan/lists"}