
Commit 9c083d3

Update CodeQL WF
Include rule filtering to filter out rules with high false positive rates, uploading CodeQL results to 'Code scanning' under the Security tab on Github, uploading CodeQL results as an artifact

Signed-off-by: Brian <[email protected]>
1 parent a1ca612 commit 9c083d3

File tree

1 file changed

+37
-5
lines changed


.github/workflows/codeql.yml

+37-5
@@ -2,11 +2,7 @@ name: "CodeQL"
22

33
on:
44
push:
5-
branches: [ "master", "codeql" ]
6-
pull_request:
7-
branches: [ "master", "codeql" ]
8-
schedule:
9-
- cron: "23 8 * * 5"
5+
branches: [ "tseting2" ]
106

117
jobs:
128
analyze:
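Review bot: the trigger change in this hunk removes the `master` push trigger, the `pull_request` trigger and the weekly `schedule`, leaving the workflow running only on pushes to `branches: [ "tseting2" ]`, which looks like a misspelling of "testing2". With this in place no CodeQL scan will run on `master` or on pull requests, so the code-scanning alerts this commit sets up would never be populated for the default branch. If this is a temporary test branch, restore the previous `push`, `pull_request` and `schedule` blocks before merging; the commit message does not mention narrowing the triggers, so this is likely unintended.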
@@ -41,3 +37,39 @@ jobs:
4137
uses: github/codeql-action/analyze@v2
4238
with:
4339
category: "/language:cpp"
40+
upload: false
41+
id: step1
42+
43+
- name: Filter out unwanted errors and warnings
44+
uses: advanced-security/filter-sarif@v1
45+
with:
46+
patterns: |
47+
-**:cpp/path-injection
48+
-**:cpp/world-writable-file-creation
49+
-**:cpp/poorly-documented-function
50+
-**:cpp/potentially-dangerous-function
51+
-**:cpp/use-of-goto
52+
-**:cpp/integer-multiplication-cast-to-long
53+
-**:cpp/comparison-with-wider-type
54+
-**:cpp/leap-year/*
55+
-**:cpp/ambiguously-signed-bit-field
56+
-**:cpp/suspicious-pointer-scaling
57+
-**:cpp/suspicious-pointer-scaling-void
58+
-**:cpp/unsigned-comparison-zero
59+
-**/cmake*/Modules/**
60+
input: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
61+
output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
62+
63+
- name: Upload CodeQL results to code scanning
64+
uses: github/codeql-action/upload-sarif@v2
65+
with:
66+
sarif_file: ${{ steps.step1.outputs.sarif-output }}
67+
category: "/language:cpp"
68+
69+
- name: Upload CodeQL results as an artifact
70+
if: success() || failure()
71+
uses: actions/upload-artifact@v3
72+
with:
73+
name: codeql-results
74+
path: ${{ steps.step1.outputs.sarif-output }}
75+
retention-days: 5
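Review bot: the `-**:` patterns in the filter step suppress whole queries rather than false positives, and several of them (`cpp/path-injection`, `cpp/world-writable-file-creation`, `cpp/potentially-dangerous-function`, `cpp/suspicious-pointer-scaling`, `cpp/unsigned-comparison-zero`) are security queries whose true positives will now be dropped along with the noise; please add a comment per excluded rule explaining why it is considered noisy here, and where the noise comes from vendored or generated code prefer a path-scoped pattern like the existing `-**/cmake*/Modules/**` over a global rule exclusion. Two smaller points: the filter writes `output:` to the same `cpp.sarif` it reads, so the unfiltered results are overwritten and the `codeql-results` artifact only ever contains the filtered SARIF, which makes it impossible to audit what was suppressed; writing the filtered file under a different name and pointing `sarif_file:` at that file keeps both. Finally, `advanced-security/filter-sarif@v1` is a third-party action that sits in the path of your security results and is pinned only to a moving major tag; pin it to a full commit SHA.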
