ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

Troubleshooting CodeQL code scanning in your CI system

If you're having problems with the CodeQL runner, you can troubleshoot by using these tips.

Code scanning is available for all public repositories and for private repositories owned by organizations where GitHub Advanced Security is enabled. 詳しい情報については、「GitHub Advanced Security について」を参照してください。

ここには以下の内容があります:

ノート: CodeQL runnerは現在ベータで、変更されることがあります。

ノート: プライベート及びインターナルリポジトリについては、code scanningはGitHub Advanced Security機能がそのリポジトリで有効化されている場合に利用できます。 Advanced Security must be enabled for this repository to use code scanning(Code Scanningを利用するためにはAdvanced Securityが有効になっていなければなりません)というエラーが表示されたなら、GitHub Advanced Securityが有効になっているかをチェックしてください。 詳しい情報については「リポジトリのセキュリティ及び分析の設定の管理」を参照してください。

The init command takes too long

Before the CodeQL runner can build and analyze code, it needs access to the CodeQL bundle, which contains the CodeQL CLI and the CodeQL libraries.

When you use the CodeQL runner for the first time on your machine, the init command downloads the CodeQL bundle to your machine. This download can take a few minutes. The CodeQL bundle is cached between runs, so if you use the CodeQL runner again on the same machine, it won't download the CodeQL bundle again.

To avoid this automatic download, you can manually download the CodeQL bundle to your machine and specify the path using the --codeql-path flag of the init command.

ビルド中にコードが見つからない

If the analyze command for the CodeQL runner fails with an error No source code was seen during the build, this indicates that CodeQL was unable to monitor your code. Several reasons can explain such a failure.

  1. 自動言語検出により、サポートされている言語が特定されたが、リポジトリにその言語の分析可能なコードがない。 一般的な例としては、言語検出サービスが .h.gyp ファイルなどの特定のプログラミング言語に関連付けられたファイルを見つけたが、対応する実行可能コードがリポジトリに存在しない場合です。 To solve the problem, you can manually define the languages you want to analyze by using the --languages flag of the init command. For more information, see "Configuring code scanning in your CI system."

  2. You're analyzing a compiled language without using the autobuild command and you run the build steps yourself after the init step. For the build to work, you must set up the environment such that the CodeQL runner can monitor the code. The init command generates instructions for how to export the required environment variables, so you can copy and run the script after you've run the init command.

    • On macOS and Linux:
      $ . codeql-runner/codeql-env.sh
    • On Windows, using the Command shell (cmd) or a batch file (.bat):
      > call codeql-runner\codeql-env.bat
    • On Windows, using PowerShell:
      > cat codeql-runner\codeql-env.sh | Invoke-Expression

    The environment variables are also stored in the file codeql-runner/codeql-env.json. This file contains a single JSON object which maps environment variable keys to values. If you can't run the script generated by the init command, then you can use the data in JSON format instead.

    Note: If you used the --temp-dir flag of the init command to specify a custom directory for temporary files, the path to the codeql-env files might be different.

  3. You're analyzing a compiled language on macOS without using the autobuild command and you run the build steps yourself after the init step. If SIP (System Integrity Protection) is enabled, which is the default on recent versions of OSX, analysis might fail. To fix this, prefix the build command with the $CODEQL_RUNNER environment variable. For example, if your build command is cmd arg1 arg2, you should run $CODEQL_RUNNER cmd arg1 arg2.

  4. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the CodeQL runner in the container or on the machine where your build task takes place. For more information, see "Running CodeQL code scanning in a container."

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

OR, learn how to contribute.