Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/actionsdesk/jenkins-codeql-analysis-library
Leverage CodeQL analysis via this Jenkins shared library
Last synced: about 5 hours ago
- Host: GitHub
- URL: https://github.com/actionsdesk/jenkins-codeql-analysis-library
- Owner: ActionsDesk
- License: mit
- Created: 2022-05-22T19:06:05.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-08-25T01:49:55.000Z (about 2 years ago)
- Last Synced: 2023-03-03T20:57:36.036Z (over 1 year ago)
- Language: Groovy
- Size: 75.2 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
README
# Jenkins Shared Library: CodeQL Analysis
This [shared library](https://jenkins.io/doc/book/pipeline/shared-libraries/) allows Jenkins pipelines to initialize and perform CodeQL analysis on a project. There exists a [Jenkins CodeQL plugin](https://plugins.jenkins.io/codeql/), but currently it only supports installing and setting up the [CodeQL CLI](https://codeql.github.com/docs/codeql-cli/) on a Jenkins agent during a build.
## Purpose
At a high level, the purpose of this library is to perform the following:
- Download CodeQL
- Detect languages of the project
- Run dynamic CodeQL init step
- if (language == compiled)
  - Trace the build (set environment variables)
- Run commands in plugin block
- Run finalize and analyze commands on all databases
- Upload results to the project repository
## References
A list of helpful references:
- [CodeQL CLI Binaries](https://github.com/github/codeql-cli-binaries/releases)
- [Creating CodeQL databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/), including [using indirect build tracing](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#using-indirect-build-tracing)
## Known issues
A list of known issues is available on the [GitHub issues page of this project][jenkins-codeql-lib-issues].
## Getting Started
This section will contain instructions for using the shared library.
## Contributing
Read and understand our [contribution guidelines][jenkins-codeql-lib-contributing] before opening a pull request.
[jenkins-codeql-lib-issues]: https://github.com/ActionsDesk/jenkins-codeql-analysis-library/issues
[jenkins-codeql-lib-contributing]: .github/CONTRIBUTING.md