Code Scanning a GitHub repo using Azure Pipelines

Use Case

See full walkthrough blog post: sam.hope-evans.com/code-scanning-a-github-repo-using-azure-pipelines/

This repo shows how you can keep your code hosted in GitHub while using an Azure DevOps (ADO) pipeline to run GitHub Advanced Security CodeQL scans and upload the results back to the repository's Security tab in GitHub.


Requirements

Overview

This repo contains a simple Node.js app and an ADO pipeline that runs the CodeQL scan against it.


The ADO pipeline uses the CodeQL CLI together with the GitHub API to:

  • Download the latest CodeQL bundle for the detected OS
  • Detect the languages of a given repository to determine which ones are supported by CodeQL
  • Create CodeQL databases, analyze, and upload results back to GitHub for each supported language
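The following `azure-pipelines.yml` is an added example of those three steps written out with the CodeQL CLI; it is not the pipeline from this repository or from the CodeQL Anywhere project. It assumes a Linux hosted agent, a secret pipeline variable named `GITHUB_TOKEN` holding a GitHub token with `security_events: write` permission on the target repo, and, because the sample app is Node.js, fixes the language to JavaScript instead of detecting it dynamically.

```yaml
# azure-pipelines.yml (added example, not this repository's own pipeline)
# Assumptions: Linux agent, secret variable GITHUB_TOKEN with security_events:write,
# JavaScript code base. Predefined Build.* variables are Azure Pipelines built-ins.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # 1. Download the latest CodeQL bundle (CLI + standard query packs) for Linux.
  - bash: |
      set -euo pipefail
      curl -sSL -o codeql-bundle.tar.gz \
        https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz
      tar -xzf codeql-bundle.tar.gz -C "$(Agent.ToolsDirectory)"
      echo "##vso[task.prependpath]$(Agent.ToolsDirectory)/codeql"
    displayName: Download CodeQL bundle

  # 2. Confirm the language is supported by this CodeQL release before spending build time on it.
  - bash: |
      set -euo pipefail
      codeql version
      codeql resolve languages | grep -qi '^javascript' \
        || { echo "javascript is not supported by this bundle"; exit 1; }
    displayName: Check supported languages

  # 3. Build the CodeQL database and run the security-and-quality suite.
  #    JavaScript is extracted without a build, so no build command is needed.
  - bash: |
      set -euo pipefail
      codeql database create codeql-db \
        --language=javascript \
        --source-root="$(Build.SourcesDirectory)"
      codeql database analyze codeql-db javascript-security-and-quality.qls \
        --format=sarif-latest \
        --output=results.sarif \
        --sarif-category=ado-codeql
    displayName: Create database and analyze

  # 4. Upload the SARIF file to the GitHub repository's Security tab.
  #    For a GitHub-hosted repo Build.Repository.Name is "owner/repo" and
  #    Build.SourceBranch is "refs/heads/<branch>", which is the ref format GitHub expects.
  - bash: |
      set -euo pipefail
      codeql github upload-results \
        --repository="$(Build.Repository.Name)" \
        --ref="$(Build.SourceBranch)" \
        --commit="$(Build.SourceVersion)" \
        --sarif=results.sarif
    displayName: Upload results to GitHub
    env:
      # Secret variables are not exposed to scripts automatically; map it explicitly
      # into the environment rather than passing it on the command line.
      GITHUB_TOKEN: $(GITHUB_TOKEN)
```

Keep the token as a secret variable (or in a variable group backed by Azure Key Vault) so it is masked in logs. Uploading code scanning results to a private repository requires GitHub Advanced Security on that repository; public repositories can receive them without it. The `--sarif-category` value lets GitHub keep these results separate from any other code scanning tool uploading to the same repo.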

GitHub security tab

In the repository's Security tab on GitHub you can now see the code scanning alerts produced by the scan, together with the status of the most recent CodeQL analysis.


Credit

Based on this blog post by Kevin Alwell.

The CodeQL runner used in that post is now deprecated, so the Azure pipeline was adapted from David Wiggs's CodeQL Anywhere repo instead.