https://github.com/advanced-security/codeql-extractor-action
CodeQL Extractor Action
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/advanced-security/codeql-extractor-action
- Owner: advanced-security
- License: mit
- Created: 2025-02-14T17:37:57.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2025-06-13T16:12:15.000Z (6 months ago)
- Last Synced: 2025-06-13T16:58:18.260Z (6 months ago)
- Language: Rust
- Size: 310 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-codeql - codeql-extractor-action - specify a CodeQL extractor to be used in your workflows as an author of an Extractor. (CodeQL Extractor Helpers)
README
CodeQL Extractor Action
## Overview
[CodeQL Extractor Action][github] is a GitHub Action that allows you to specify a CodeQL extractor to be used in your workflows as an author of an Extractor.
This action is designed to be used in conjunction with the [CodeQL][CodeQL] analysis tool, which is a powerful static analysis tool that can be used to find vulnerabilities in your code.
> [!WARNING]
> This action downloads the extractor from the GitHub repository. Make sure to use a trusted repository, owner, and extractor.
## ✨ Features
- **Easy to use**: The action is designed to be simple and easy to integrate into your existing GitHub Actions workflows.
- **End-to-end workflow**: The action provides an end-to-end workflow for extracting code from your repository and running CodeQL analysis.
- **Customizable**: The action allows you to customize the extraction process to fit your specific needs.
## Usage
```yml
- name: "CodeQL Extractor Action"
  uses: advanced-security/codeql-extractor-action@v0.1.0
  with:
    # Repository reference (e.g. "owner/repo", "owner/repo@ref")
    extractor: "advanced-security/codeql-extractor-iac"
    # [optional]: Language(s) used to verify the extractor
    languages: "iac"
    # [optional] Attest the authenticity of the extractor
    attestation: true
```
## Q&A
**What is an Extractor?**
A CodeQL extractor is a tool that extracts code from a repository and prepares it for analysis by the CodeQL engine. It is used to convert the code into a format that can be analyzed by CodeQL.
**How do I create an Extractor?**
To create an extractor, you need to create a GitHub repository that contains the extractor releases as an artifact / asset in a GitHub release.
The extractor should be a tarball file that contains the compiled extractor and all other necessary files for the extractor to run.
## Maintainers
## Support
Please create [GitHub Issues][github-issues] or [GitHub Discussions][github-discussions] if there are bugs or feature requests.
This project uses [Semantic Versioning (v2)](https://semver.org/); breaking changes will occur with major releases.
## License
This project is licensed under the terms of the MIT open source license.
Please refer to [MIT][license] for the full terms.
[license]: ./LICENSE
[github]: https://github.com/advanced-security/codeql-extractor-action
[github-issues]: https://github.com/advanced-security/codeql-extractor-action/issues
[github-actions]: https://github.com/advanced-security/codeql-extractor-action/actions
[github-discussions]: https://github.com/advanced-security/codeql-extractor-action/discussions
[CodeQL]: https://codeql.github.com/