Customizing code scanning
Learn how to customize code scanning to meet your project-specific security needs by creating and using CodeQL packs and custom queries.
Evaluating default setup for code scanning
Learn how to assess how code scanning is working for you, and how you can customize your setup to best meet your needs.
Preparing your code for CodeQL analysis
You can build a CodeQL database containing the data needed to analyze your code.
Analyzing your code with CodeQL queries
You can run queries against a CodeQL database extracted from a codebase.
Uploading CodeQL analysis results to GitHub
You can use the CodeQL CLI to upload CodeQL analysis results to GitHub.
Running CodeQL code scanning in a container
You can run code scanning in a container by ensuring that all processes run in the same container.
Customizing analysis with CodeQL packs
You can use CodeQL packs to run CodeQL queries maintained by other people, or to share CodeQL queries that you've developed.
Creating CodeQL query suites
You can create query suites for queries you frequently use in your CodeQL analyses.
Creating and working with CodeQL packs
You can use CodeQL packs to create, share, depend on, and run CodeQL queries and libraries.