In this project, we provide examples of writing workflows using CodeQL to scan code in various languages such as Python, Java, .NET, and Terraform.
The repository is laid out as follows:
- .github/workflows:
  - dotnet-scan
  - java-scan
  - python-scan
  - terraform-scan
- dotnet-code-folder
- java-code-folder
- python-code-folder
- terraform-code-folder
The .github/workflows folder contains workflows used to scan code in different languages, including:
- dotnet-scan: Workflow for scanning .NET code
- java-scan: Workflow for scanning Java code
- python-scan: Workflow for scanning Python code
- terraform-scan: Workflow for scanning Terraform code
The dotnet-code-folder, java-code-folder, python-code-folder, and terraform-code-folder contain sample code written in the specified languages.
Add the following steps to the workflow:
- Initialize CodeQL tools for scanning

  ```yaml
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v1
    with:
      languages: ${{ matrix.language }}
  ```

- Autobuild attempts to build any compiled languages (C/C++, C#, or Java)

  ```yaml
  - name: Autobuild
    uses: github/codeql-action/autobuild@v1
  ```

  This step automatically builds the code.

- Scan and analyze code with CodeQL

  ```yaml
  - name: Perform CodeQL Analysis
    uses: github/codeql-action/analyze@v1
  ```
For the Terraform (IaC) workflow, add the following steps instead:
- Initialize and Analyze IaC

  ```yaml
  - name: Initialize and Analyze IaC
    id: codeql_iac
    uses: advanced-security/codeql-extractor-iac@main
  ```

- Upload SARIF file

  Since the CodeQL Extractor generates a SARIF file but does not upload it, use github/codeql-action/upload-sarif to upload the file manually.

  ```yaml
  - name: Upload SARIF file
    uses: github/codeql-action/upload-sarif@v2
    with:
      sarif_file: codeql-iac.sarif
  ```
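A complete workflow file that assembles both sets of steps above (the language scan and the IaC scan) into one run, as an added example rather than one of this repository's own workflow files. It assumes a main branch, actions/checkout to fetch the code, that the sample folders map to the CodeQL language identifiers csharp, java and python, and that codeql-extractor-iac writes codeql-iac.sarif as described above.

```yaml
name: CodeQL scans

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read
  security-events: write  # required for analyze / upload-sarif to write code scanning results

jobs:
  codeql-languages:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # Assumed mapping of the sample folders to CodeQL language identifiers (.NET is "csharp")
        language: [csharp, java, python]
    steps:
      - name: Checkout repository  # assumed step; not part of the snippets above
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1

  codeql-iac:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Initialize and Analyze IaC
        id: codeql_iac
        uses: advanced-security/codeql-extractor-iac@main
      - name: Upload SARIF file  # the extractor only writes the SARIF file; this step uploads it
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: codeql-iac.sarif
```

Without the security-events: write permission the upload step cannot publish results to code scanning, so check it first if alerts never appear in the Security tab.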