Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/j3ssie/codeql-docker

Ready to use docker image for CodeQL
https://github.com/j3ssie/codeql-docker

codeql codeql-cli codeql-docker codql-cli docker sast static-analysis

Last synced: 3 months ago
JSON representation

Ready to use docker image for CodeQL

Host: GitHub
URL: https://github.com/j3ssie/codeql-docker
Owner: j3ssie
Created: 2021-03-02T08:35:22.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2024-01-10T14:20:06.000Z (about 1 year ago)
Last Synced: 2024-10-15T17:52:22.784Z (3 months ago)
Topics: codeql, codeql-cli, codeql-docker, codql-cli, docker, sast, static-analysis
Language: Python
Homepage:
Size: 20.5 KB
Stars: 88
Watchers: 5
Forks: 11
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Docker for CodeQL

Based on [microsoft/codeql-container](https://github.com/microsoft/codeql-container) with Java, Golang installed and .NET removed.

## Build & Run

```shell
docker build -t j3ssie/codeql-docker:latest .
```

or pull the latest from Docker hub

```shell
docker pull j3ssie/codeql-docker:latest

```
***

## Usage

### Run with helper scripts

```shell
# usage
./scripts/run.py -l -s [--format=csv] [-o ouput]

# simple usage
./scripts/run.py -l go -s /tmp/insecure-project
# default output is JSON format so read them with this command
cat results/issues.sarif-latest| jq '.runs[].results'

# with custom format and output
./scripts/run.py -l javascript -s /tmp/cc/code-scanning-javascript-demo --format=csv -o sample
# your output will be store at sample/issues.csv

```

### Run with docker command

With `/tmp/src` is your source code and `/tmp/results` is where result store.

> NOTE: make sure /tmp/results folder exist otherwise it won't work

```shell
# run in the current folder
mkdir -p ${PWD}/codeql-result
docker run --rm --name codeql-docker -v ${PWD}:/opt/src -v ${PWD}/codeql-result:/opt/results -e "LANGUAGE=javascript" -e "THREADS=5" j3ssie/codeql-docker:latest

# simple usage
docker run --rm --name codeql-docker -v "/tmp/src:/opt/src" -v "/tmp/local-results:/opt/results" -e "LANGUAGE=go" j3ssie/codeql-docker:latest

# more options
docker run --rm --name codeql-docker -v "/tmp/src:/opt/src" -v "/tmp/local-results:/opt/results" -e "LANGUAGE=javascript" -e "FORMAT=csv" -e "QS=javascript-security-and-quality.qls" j3ssie/codeql-docker:latest

```

### Manual analyze

```shell
# Directly access container with bash shell
docker run -it --entrypoint=/bin/bash -t j3ssie/codeql-docker:latest

# Copy your code to container
docker cp :/opt/src

# create DB in this folder /opt/src/db
# This might take a while depend on your code
codeql database create --language= /opt/src/db -s /opt/src

# run analyze
# normally query-suites will will be: -security-and-quality.qls
codeql database analyze --format=sarif-latest --output=/opt/issues.sarif /opt/src/db

# copy the result back to host machine
docker cp :/opt/issues.sarif .
```

### Other commands

```shell
# List all query suites
codeql resolve queries

# Upgrade DB
codeql database upgrade

```