| 12345678910111213141516171819202122232425262728293031323334 |
- name: Run CodeQL Analysis
- description: Run and upload CodeQL Analysis
- inputs:
- language:
- description: "language for codeql analysis"
- required: true
- runs:
- using: "composite"
- steps:
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
- with:
- category: "/language:${{ inputs.language }}"
- upload: False
- output: sarif-results
- - name: filter-sarif
- uses: advanced-security/filter-sarif@v1
- with:
- patterns: |
- -**/third_party/**
- -**/scripts/**
- input: "sarif-results/${{ inputs.language }}.sarif"
- output: "sarif-results/${{ inputs.language }}.sarif"
- - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: "sarif-results/${{ inputs.language }}.sarif"
- - name: Upload loc as a Build Artifact
- uses: actions/upload-artifact@v2.2.0
- with:
- name: sarif-results
- path: sarif-results
- retention-days: 1
|
