Note: For private and internal repositories, code scanning is available when GitHub Advanced Security features are enabled for the repository.

If you see the error Advanced Security must be enabled for this repository to use code scanning, check that GitHub Advanced Security is enabled. For more information, see "Managing security and analysis settings for your repository."

Producing detailed logs for debugging

To produce more detailed logging output, you can enable step debug logging. For more information, see "Enabling debug logging."

Creating CodeQL debugging artifacts

You can obtain artifacts to help you debug CodeQL. The debug artifacts will be uploaded to the workflow run as an artifact named debug-artifacts. The data contains the CodeQL logs, CodeQL database(s), and any SARIF file(s) produced by the workflow.

These artifacts will help you debug problems with CodeQL code scanning. If you contact GitHub support, they might ask for this data.

Creating CodeQL debugging artifacts by re-running jobs with debug logging enabled

You can create CodeQL debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running GitHub Actions workflows and jobs, see "Re-running workflows and jobs."

You need to ensure that you select Enable debug logging. This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download debug-artifacts to investigate further. You do not need to modify the workflow file when creating CodeQL debugging artifacts by re-running jobs.

Creating CodeQL debugging artifacts using a workflow flag

You can create CodeQL debugging artifacts by using a flag in your workflow. For this, you need to modify the init step of your CodeQL analysis workflow file and set debug: true.

    name: Initialize CodeQL
    uses:
    with:
      debug: true

Results are different than expected

If your code scanning results are different than you expected, your repository may have both default and advanced code scanning setups. When you enable default setup, this disables the existing CodeQL workflow file and blocks any CodeQL API analysis from uploading results.

To check if default setup is enabled, navigate to the main page of the repository, then click Settings. In the "Security" section of the sidebar, click Code security and analysis. In the "Code scanning" section of the page, next to "CodeQL analysis," click. If there is a Switch to advanced option, you are currently using the default setup.

If you want to return to using advanced setup and get code scanning results from your custom workflow file, click Disable CodeQL to disable default setup. Then you should re-enable your pre-existing workflows to start triggering and uploading results from advanced setup. For more information, see "Disabling and enabling a workflow" and "Configuring code scanning for a repository."

In some cases, your repository may use multiple code scanning configurations. These configurations can generate duplicate alerts. Additionally, stale configurations that no longer run will display outdated alert statuses, and the stale alerts will stay open indefinitely. To avoid outdated alerts, you should remove stale code scanning configurations from a branch. For more information on multiple configurations and deleting stale configurations, see "About code scanning alerts" and "Managing code scanning alerts for your repository."

Automatic build for a compiled language fails

If an automatic build of code for a compiled language within your project fails, try the following troubleshooting steps.
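For the stale-configuration case described under "Results are different than expected", the following is an added example (not part of the GitHub documentation) that flags configurations on a branch that have stopped uploading while others continue. It assumes input shaped like entries from the REST API's list of code scanning analyses for a repository; the sample records, the 14-day threshold and the function name `find_stale_configurations` are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records; only the fields used below are included.
SAMPLE_ANALYSES = [
    {"ref": "refs/heads/main", "analysis_key": ".github/workflows/codeql.yml:analyze",
     "category": "/language:python", "created_at": "2024-05-20T10:00:00Z", "tool": {"name": "CodeQL"}},
    {"ref": "refs/heads/main", "analysis_key": ".github/workflows/codeql.yml:analyze",
     "category": "/language:python", "created_at": "2024-05-13T10:00:00Z", "tool": {"name": "CodeQL"}},
    {"ref": "refs/heads/main", "analysis_key": ".github/workflows/codeql.yml:analyze",
     "category": "/language:javascript", "created_at": "2024-05-19T10:00:00Z", "tool": {"name": "CodeQL"}},
    {"ref": "refs/heads/main", "analysis_key": ".github/workflows/old-codeql.yml:analyze",
     "category": "/language:python", "created_at": "2024-01-10T09:00:00Z", "tool": {"name": "CodeQL"}},
    {"ref": "refs/heads/release", "analysis_key": ".github/workflows/codeql.yml:analyze",
     "category": "/language:python", "created_at": "2024-05-18T08:00:00Z", "tool": {"name": "CodeQL"}},
]


def find_stale_configurations(analyses, max_lag=timedelta(days=14)):
    """Return configurations whose latest upload lags the newest upload on the same ref.

    A configuration is identified by (ref, tool, analysis_key, category).
    max_lag is an assumed threshold; tune it to how often your workflows run.
    """
    latest = {}  # configuration -> timestamp of its most recent upload
    for a in analyses:
        key = (a["ref"], a["tool"]["name"], a["analysis_key"], a.get("category") or "")
        ts = datetime.strptime(a["created_at"], "%Y-%m-%dT%H:%M:%SZ")
        if key not in latest or ts > latest[key]:
            latest[key] = ts

    newest_on_ref = {}  # ref -> most recent upload from any configuration
    for key, ts in latest.items():
        newest_on_ref[key[0]] = max(ts, newest_on_ref.get(key[0], ts))

    stale = []
    for (ref, tool, analysis_key, category), ts in latest.items():
        lag = newest_on_ref[ref] - ts
        if lag > max_lag:
            stale.append({"ref": ref, "tool": tool, "analysis_key": analysis_key,
                          "category": category, "last_upload": ts.isoformat(),
                          "lag_days": lag.days})
    return sorted(stale, key=lambda s: (s["ref"], -s["lag_days"]))


if __name__ == "__main__":
    for entry in find_stale_configurations(SAMPLE_ANALYSES):
        print(entry)
```

Each reported entry is a candidate for the stale-configuration removal described above; confirm that the workflow behind it is no longer meant to run before deleting anything.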