我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

Troubleshooting CodeQL code scanning in your CI system

If you're having problems with the CodeQL runner, you can troubleshoot by using these tips.

代码扫描 可用于公共仓库,以及具有 Advanced Security 许可的组织拥有的私有仓库。 更多信息请参阅“GitHub 的产品”。

本文内容

注意:CodeQL runner 目前处于测试阶段,可能会更改。

The init command takes too long

Before the CodeQL runner can build and analyze code, it needs access to the CodeQL bundle, which contains the CodeQL CLI and the CodeQL libraries.

When you use the CodeQL runner for the first time on your machine, the init command downloads the CodeQL bundle to your machine. This download can take a few minutes. The CodeQL bundle is cached between runs, so if you use the CodeQL runner again on the same machine, it won't download the CodeQL bundle again.

To avoid this automatic download, you can manually download the CodeQL bundle to your machine and specify the path using the --codeql-path flag of the init command.

构建过程中找不到代码

If the analyze command for the CodeQL runner fails with an error No source code was seen during the build, this indicates that CodeQL was unable to monitor your code. Several reasons can explain such a failure.

  1. 自动语言检测发现了受支持的语言,但仓库中没有该语言的可分析代码。 一个典型的例子是,我们的语言检测服务发现了一个与特定的编程语言相关的文件,例如 .h.gyp 文件,但仓库中没有相应的可执行代码。 To solve the problem, you can manually define the languages you want to analyze by using the --languages flag of the init command. For more information, see "Configuring 代码扫描 in your CI system."

  2. You're analyzing a compiled language without using the autobuild command and you run the build steps yourself after the init step. For the build to work, you must set up the environment such that the CodeQL runner can monitor the code. The init command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the init command.

    • On macOS and Linux:
      $ . codeql-runner/codeql-env.sh
    • On Windows, using the Command shell (cmd) or a batch file (.bat):
      > call codeql-runner\codeql-env.bat
    • On Windows, using PowerShell:
      > cat codeql-runner\codeql-env.sh | Invoke-Expression

    The environment variables are also stored in the file codeql-runner/codeql-env.json. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the init command, then you can use the data in JSON format instead.

    Note: If you used the --temp-dir flag of the init command to specify a custom directory for temporary files, the path to the codeql-env files might be different.

  1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the CodeQL runner in the container or on the machine where your build task takes place. For more information, see "Running CodeQL code scanning in a container."

此文档对您有帮助吗?

Privacy policy

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。