Note
GitHub Code Quality is currently in public preview and subject to change. During the public preview, Code Quality is not billed, but Code Quality scans consume GitHub Actions minutes.
CodeQL-powered analysis
Code Quality uses CodeQL to perform rule-based analysis of pull requests and your default branch.
- Findings for your default branch appear under the "Standard findings" dashboard under your repository's Security tab.
- Findings on pull requests appear as comments made by github-code-quality[bot].
Copilot Autofix suggestions are provided for findings where possible.
Query lists for supported languages
Each Code Quality rule is written as a query in CodeQL and then run using GitHub Actions.
The rules are continually refined by both GitHub and open source developers.
- C# CodeQL queries for Code Quality
- Go CodeQL queries for Code Quality
- Java CodeQL queries for Code Quality
- JavaScript CodeQL queries for Code Quality
- Python CodeQL queries for Code Quality
- Ruby CodeQL queries for Code Quality
For more information about the CodeQL project, see https://codeql.github.com/.
Workflow used for code quality analysis
You can see all the workflow runs for Code Quality on the Actions tab for your repository. The dynamic workflow is called "Code Quality".
By default, the Code Quality workflow runs on standard GitHub runners, but you can configure Code Quality to use runners with a specific label. These may be hosted by GitHub or self-hosted.
If your organization has configured caching of private registries, these will be available for code quality analysis to use to resolve dependencies.
Pull request status checks
When code quality analysis runs on a pull request, the "CodeQL - Code Quality / Analyze" check is shown in the "Checks" section at the bottom of the pull request.
Any code problems identified by the scan are reported in comments on the pull request. The comment is made by the github-code-quality[bot] and includes a Copilot Autofix suggestion.
Status check failures
The workflow failed to run. For example, your budget for Actions minutes is exhausted. See Viewing logs to diagnose failures.
Merging is blocked: Code quality findings were detected
The scan found problems in the code that exceed the quality gate set by a code quality branch rule for the repository. You need to resolve these problems before you can merge the pull request. See Resolving a block on your pull request.