Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
CodeQL <-> Dependency Graph Actions
- Host: GitHub
- URL: https://github.com/geekmasher/codeql-dependency-graph-action
- Owner: GeekMasher
- License: mit
- Created: 2023-02-07T11:47:01.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-18T09:22:10.000Z (10 months ago)
- Last Synced: 2024-01-18T13:04:46.617Z (10 months ago)
- Language: Python
- Size: 431 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# codeql-dependency-graph-action
CodeQL Dependency Graph Action is focused on capturing as much information as possible from CodeQL databases and building a bill of materials of the dependencies discovered during analysis.
This is then uploaded as a snapshot to the Dependency Graph so that the versions of software in use can be checked for known security issues.

## Usage

```yaml
- name: CodeQL Dependency Graph
  uses: geekmasher/[email protected]
```

**Sample Action Workflow**
```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: ${{ matrix.language }}

# autobuild or manual build

- name: CodeQL Dependency Graph
  uses: geekmasher/[email protected]

- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v2
```

## Features
| Language | Query | Completeness |
| ---------- | --------------------------------------- | -------------------------- |
| C/C++ | :white_check_mark: [query](./ql/cpp) | :large_orange_diamond: [1] |
| C# | :red_circle: | |
| Go | :red_circle: | |
| Java | :white_check_mark: [query](./ql/java) | :white_check_mark: [2] |
| JavaScript | :red_circle: | |
| Python | :white_check_mark: [query](./ql/python) | :large_orange_diamond: [3] |
| Ruby | :red_circle: | |

*Notes:*
1. C/C++ information is incomplete. The query is able to extract some data on dependencies, but the information is not complete. This is because the CodeQL C/C++ extractor does not extract all the information needed to build complete dependency information.
2. Java information is pretty complete. Both Gradle and Maven are supported well.
3. Python's data is incomplete. Not all the information is available to build a complete dependency graph.