# GitHub Actions Example with CodeQL

Repository: https://github.com/j3ssie/sample-codeql-ci (owner: j3ssie; default branch: main; primary language: Python; topics: codeql, codeql-action, sast; created 2023-12-27, last push 2023-12-27; 1 star, 2 forks; no license file). Repository description: "This repository showcases GitHub Actions integrated with CodeQL for automated codebase security analysis."

This repository demonstrates the integration of GitHub Actions with CodeQL for automated security analysis of a codebase.

## Overview

This project shows how to run CodeQL from a GitHub Actions workflow, giving you automated code scanning and vulnerability detection on every push and pull request. CodeQL is a static analysis engine that builds a queryable database from your source code and runs query suites over it to identify security vulnerabilities, potential bugs, and code quality issues.

## Repository Structure

- **`.github/workflows/codeql.yaml`:** The GitHub Actions workflow that triggers the CodeQL analysis.
- **`.github/codeql-config.yaml`:** CodeQL configuration: the query suites to run and the filters applied to their results.
- **`vulnerable-source-code/`:** Directory holding the source code that the workflow scans.

## CodeQL Configuration

```yaml
name: "CodeQL config"

# Keep each language's default query suite in addition to the suites listed under `queries`.
disable-default-queries: false

queries:
  - uses: security-and-quality
  - name: Enable the extended security query suite
    uses: security-extended

# Drop results whose problem.severity is warning or recommendation; only error-level results remain.
query-filters:
  - exclude:
      problem.severity:
        - warning
        - recommendation
```

A caveat on that filter: `problem.severity` (error, warning, recommendation) is a different property from the `security-severity` score that code scanning displays as critical/high/medium/low, and a good number of security queries are tagged `@problem.severity warning`. Excluding warnings therefore suppresses those security findings along with the quality ones. If the intent is "security results only", filter on tags instead (e.g. an `include` filter with `tags contain: security`) and triage on `security-severity`.

## GitHub Actions workflow file

```yaml
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
  push:
    branches: [main]
  # Alternative: scan every pull request regardless of its target branch:
  # pull_request: {}
  pull_request:
    branches: [main]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
  # schedule:
  #   # Weekly on Sunday.
  #   - cron: '30 1 * * 0'

jobs:
  analyze:
    name: Analyze
    # Runner size impacts CodeQL analysis time. To learn more, please see:
    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
    #   - https://gh.io/supported-runners-and-hardware-resources
    #   - https://gh.io/using-larger-runners
    # Consider using larger runners for possible analysis time improvements.
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
    # Least-privilege GITHUB_TOKEN: read the repository and workflow metadata,
    # write only code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'python', 'go', 'javascript' ] # @NOTE: You may need to change this depending on your repo

        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
        # Use only 'java' to analyze code written in Java, Kotlin or both
        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql-config.yaml  # @NOTE: You may need to change this depending on your repo

        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.

        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality


    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    #   If the Autobuild fails above, remove it and uncomment the following three lines,
    #   then modify them (or add more) to build your code; the example below shows the shape.

    # - run: |
    #     echo "Run, Build Application using script"
    #     ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{matrix.language}}"
        # This step is what uploads the SARIF to code scanning (hence security-events: write).
        # `output` is relative to the workspace; the default is ../results, which on a hosted
        # runner is /home/runner/work/sample-codeql-ci/results/
        output: ../analyze-results

    # Also keep the SARIF files as a downloadable workflow artifact. This does not feed the
    # Security tab; the analyze step above already did that.
    - uses: actions/upload-artifact@v3
      with:
        name: codeql-output.sarif
        path: /home/runner/work/sample-codeql-ci/analyze-results/
```

Two things to check before reusing this file. First, every action is referenced by a mutable major-version tag (`actions/checkout@v3`, `github/codeql-action/*@v2`, `actions/upload-artifact@v3`); newer majors have since replaced these, and for supply-chain hygiene each `uses:` should be pinned to a full commit SHA with the resolved tag noted in a trailing comment. Second, the artifact `path` is hard-coded to the hosted-runner layout, where the checkout lives at `/home/runner/work/<repo>/<repo>` and `../analyze-results` therefore resolves to `/home/runner/work/sample-codeql-ci/analyze-results/`; renaming the repository or running on a self-hosted runner breaks that path.
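The workflow above references every action by a mutable tag and grants a three-scope token. The script below is an added example, not code from the j3ssie/sample-codeql-ci repository: it reports `uses:` references that are not pinned to a 40-hex commit SHA and lists any `write` scope in the `permissions:` block beyond the `security-events: write` that uploading code-scanning results needs. The workflow excerpt it scans is constructed from the `uses:` and `permissions:` lines shown above; the SHA used in the hardened variant is a placeholder, not a real commit of any of those actions.

```python
import re

# Constructed excerpt carrying the `uses:` and `permissions:` lines of the workflow
# shown above; the rest of the file is irrelevant to these two checks.
UNPINNED_WORKFLOW = """\
jobs:
  analyze:
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
    - uses: actions/upload-artifact@v3
"""

# Placeholder, NOT a real commit of any action. A pinned reference is a full 40-hex
# SHA, conventionally followed by the tag it was resolved from in a comment.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
PINNED_WORKFLOW = re.sub(
    r"@(v\d+)", lambda m: f"@{PLACEHOLDER_SHA}  # {m.group(1)}", UNPINNED_WORKFLOW
)

# `uses: owner/repo[/path]@ref`, optionally as a list item; ref stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([\w.-]+/[\w./-]+)@([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"[0-9a-f]{40}")


def find_unpinned_actions(workflow_text):
    """Return (action, ref) pairs whose ref is a tag or branch rather than a commit SHA."""
    return [(action, ref) for action, ref in USES_RE.findall(workflow_text)
            if not SHA_RE.fullmatch(ref)]


def workflow_permissions(workflow_text):
    """Parse the first `permissions:` mapping (job- or workflow-level) into a dict."""
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)permissions:\s*$", line)
        if not m:
            continue
        indent = len(m.group(1))
        perms = {}
        for nxt in lines[i + 1:]:
            if not nxt.strip():
                continue
            if len(nxt) - len(nxt.lstrip()) <= indent:
                break  # a dedent ends the mapping
            key, _, value = nxt.strip().partition(":")
            perms[key.strip()] = value.strip()
        return perms
    return {}  # no explicit block: the token falls back to the repository default


NEEDED_WRITE = {"security-events"}  # all that codeql-action/analyze needs to upload results


def excess_write_scopes(workflow_text):
    """Write scopes granted beyond what uploading code-scanning results requires."""
    perms = workflow_permissions(workflow_text)
    return sorted(k for k, v in perms.items() if v == "write" and k not in NEEDED_WRITE)


def audit(workflow_text):
    """Both checks in one report, suitable for a pre-merge lint of workflow files."""
    return {"unpinned": find_unpinned_actions(workflow_text),
            "excess_write": excess_write_scopes(workflow_text)}


if __name__ == "__main__":
    for label, text in (("as published", UNPINNED_WORKFLOW), ("pinned", PINNED_WORKFLOW)):
        print(label, audit(text))
```

On the published workflow the audit flags all five `uses:` lines and no excess write scope; on the pinned variant it flags nothing. Run it against a real `.github/workflows/*.yaml` by reading the file into `audit()`.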
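The analyze step writes SARIF into `../analyze-results` and the last step archives it. The script below is an added example rather than code from the repository: it reads a CodeQL SARIF file, maps each result to its rule's `security-severity` (the property CodeQL emits; code scanning bands it as critical at 9.0 and above, high at 7.0, medium at 4.0, low below that) and decides whether the pipeline should fail. The embedded SARIF document is constructed for the example: the rule ids are real CodeQL Python query ids, but the file names, line numbers and messages are made up and are not findings from `vulnerable-source-code/`.

```python
import json
import sys
from collections import Counter

# Constructed sample shaped like CodeQL's SARIF 2.1.0 output. Rule ids are real
# CodeQL query ids; files, lines and messages are invented for this example.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "py/sql-injection",
             "properties": {"problem.severity": "error", "security-severity": "8.8",
                            "tags": ["security", "external/cwe/cwe-089"]}},
            {"id": "py/clear-text-logging-sensitive-data",
             "properties": {"problem.severity": "error", "security-severity": "7.5",
                            "tags": ["security", "external/cwe/cwe-312"]}},
            {"id": "py/unused-import",
             "properties": {"problem.severity": "recommendation",
                            "tags": ["maintainability"]}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "level": "error",
             "message": {"text": "This SQL query depends on a user-provided value."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "vulnerable-source-code/app.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/clear-text-logging-sensitive-data", "level": "error",
             "message": {"text": "This expression logs sensitive data as clear text."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "vulnerable-source-code/app.py"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "py/unused-import", "level": "note",
             "message": {"text": "Import of 'os' is not used."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "vulnerable-source-code/util.py"},
                 "region": {"startLine": 1}}}]},
        ],
    }],
}

BANDS = ["low", "medium", "high", "critical"]


def severity_band(score):
    """Map a security-severity score to the band code scanning shows for it."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def triage(sarif, fail_on="high"):
    """Summarise a SARIF document; findings at or above `fail_on` are blocking.

    Quality results (rules without security-severity) are counted but never block.
    """
    threshold = BANDS.index(fail_on)
    by_rule, by_level, blocking = Counter(), Counter(), []
    for run in sarif.get("runs", []):
        rules = {r["id"]: r.get("properties", {})
                 for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<no rule>")
            by_rule[rule_id] += 1
            by_level[res.get("level", "none")] += 1
            score = rules.get(rule_id, {}).get("security-severity")
            if score is None:
                continue
            band = severity_band(float(score))
            if BANDS.index(band) < threshold:
                continue
            locs = res.get("locations") or []
            phys = locs[0].get("physicalLocation", {}) if locs else {}
            blocking.append({
                "rule": rule_id, "band": band,
                "file": phys.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": phys.get("region", {}).get("startLine"),
            })
    return {"by_rule": dict(by_rule), "by_level": dict(by_level),
            "blocking": blocking, "should_fail": bool(blocking)}


def triage_file(path, fail_on="high"):
    """Triage a SARIF file on disk, e.g. one downloaded from the workflow artifact."""
    with open(path, encoding="utf-8") as fh:
        return triage(json.load(fh), fail_on)


if __name__ == "__main__":
    report = triage_file(sys.argv[1]) if len(sys.argv) > 1 else triage(SAMPLE_SARIF)
    for f in report["blocking"]:
        print(f"{f['band'].upper():9}{f['rule']}  {f['file']}:{f['line']}")
    sys.exit(1 if report["should_fail"] else 0)
```

Gating on `security-severity` rather than on `problem.severity` is the point: the config's exclusion of warnings would have dropped a warning-level security query entirely, whereas this triage keeps every result and lets the band decide what blocks.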