我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

Running CodeQL code scanning in a container

You can run 代码扫描 in a container by ensuring that all processes run in the same container.

代码扫描 可用于公共仓库,以及具有 Advanced Security 许可的组织拥有的私有仓库。 更多信息请参阅“GitHub 的产品”。

本文内容

About 代码扫描 with a containerized build

If you're setting up 代码扫描 for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that CodeQL was unable to monitor your code as it was compiled.

You must run CodeQL in the same container in which you build your code. This applies whether you are using the CodeQL runner, or GitHub Actions. If you're using the CodeQL runner, run it in the container where your code builds. 有关 CodeQL runner 的更多信息,请参阅“在 CI 系统中运行 CodeQL”。 If you're using GitHub Actions, configure your workflow to run all the actions in the same container. For more information, see "Example workflow."

依赖项

You may have difficulty running 代码扫描 if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on GitHub's virtual environments. For more information, see the version-specific readme files in these locations:

Example workflow

This sample workflow uses GitHub Actions to run CodeQL analysis in a containerized environment. The value of container.image identifies the container to use. In this example the image is named codeql-container, with a tag of f0f91db. 更多信息请参阅“GitHub Actions 的工作流程语法”。

name: "CodeQL"

on: 
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * 0'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest 

    strategy:
      fail-fast: false
      matrix:
        language: [java]

    # Specify the container in which actions will run
    container:
      image: codeql-container:f0f91db

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
    - name: Build
      run: |
        ./configure
        make
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1

此文档对您有帮助吗?

Privacy policy

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。