From 1fceeed32ca256847cde2ca4ea71f27e46c431ba Mon Sep 17 00:00:00 2001 From: james Date: Tue, 13 Sep 2022 13:53:05 +0100 Subject: [PATCH] address review comments --- docs/codeql/codeql-cli/creating-codeql-databases.rst | 10 +++++++++- .../analyzing-your-projects.rst | 2 +- docs/codeql/reusables/download-github-database.rst | 11 ++++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-cli/creating-codeql-databases.rst b/docs/codeql/codeql-cli/creating-codeql-databases.rst index 0ea4f1ef4b5..af254d865cf 100644 --- a/docs/codeql/codeql-cli/creating-codeql-databases.rst +++ b/docs/codeql/codeql-cli/creating-codeql-databases.rst @@ -5,11 +5,17 @@ Creating CodeQL databases Before you analyze your code using CodeQL, you need to create a CodeQL database containing all the data required to run queries on your code. +You can create CodeQL databases yourself using the CodeQL CLI, +or download them from GitHub.com. CodeQL analysis relies on extracting relational data from your code, and using it to build a :ref:`CodeQL database `. CodeQL databases contain all of the important information about a codebase, which can -be analyzed by executing CodeQL queries against it. +be analyzed by executing CodeQL queries against it. GitHub creates and +stores CodeQL databases for a large number of open-source projects. For more information, +see ":ref:`Downloading CodeQL databases from GitHub.com `." + +You can also create CodeQL databases yourself using the CodeQL CLI. Before you generate a CodeQL database, you need to: - Install and set up the CodeQL CLI. For more information, see @@ -379,6 +385,8 @@ The following example shows how you could use indirect build tracing in an Azure # `codeql database analyze` # then `codeql github upload-results` ... +.. _downloading-databases-from-github-com: + Downloading databases from GitHub.com ------------------------------------- 
diff --git a/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst b/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst index 6a59754eaa5..89fe41c454e 100644 --- a/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst +++ b/docs/codeql/codeql-for-visual-studio-code/analyzing-your-projects.rst @@ -14,7 +14,7 @@ To analyze a project, you need to add a :ref:`CodeQL database ` #. Open the CodeQL Databases view in the sidebar. -#. Hover over the **Databases** title bar and click the appropriate icon to add your database. You can add a database from a local ZIP archive or folder, from a public URL, or from a project slug on GitHub.com. +#. Hover over the **Databases** title bar and click the appropriate icon to add your database. You can add a database from a local ZIP archive or folder, from a public URL, or from a project's URL on GitHub.com. .. image:: ../images/codeql-for-visual-studio-code/choose-database.png :width: 350 diff --git a/docs/codeql/reusables/download-github-database.rst b/docs/codeql/reusables/download-github-database.rst index 0b1325fc5fe..2e4bfd9a58c 100644 --- a/docs/codeql/reusables/download-github-database.rst +++ b/docs/codeql/reusables/download-github-database.rst 
@@ -1,5 +1,14 @@ GitHub stores CodeQL databases for over 200,000 repos on GitHub.com, which you can download using the REST API. The list of repos is constantly growing and evolving to make sure that it includes the most interesting codebases for security research. -To download a database from GitHub.com using the `GitHub CLI `__, use the following command:: +You can check if a repo has any CodeQL databases available to download using the `/repos///code-scanning/codeql/databases` endpoint. +For example, to check for CodeQL databases using the `GitHub CLI `__ you would run:: + + gh api /repos///code-scanning/codeql/databases/ + +This command will return information about the CodeQL databases that are available for a repository, including the language the database represents, and when the database was last updated. If no CodeQL databases are available, the response will be empty. + +When you have confirmed that a CodeQL database exists for the language you are interested in, you can download it using the following command:: gh api /repos///code-scanning/codeql/databases/ -H 'Accept: application/zip' > path/to/local/database.zip + +TODO: add link to the REST API docs. \ No newline at end of file
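Review bot: in docs/codeql/codeql-cli/creating-codeql-databases.rst (hunk at -5,11), the introduction now states twice that you can create databases yourself with the CLI. The added "You can create CodeQL databases yourself using the CodeQL CLI, or download them from GitHub.com." is repeated a paragraph later by the added "You can also create CodeQL databases yourself using the CodeQL CLI." Suggest dropping the second sentence so that "Before you generate a CodeQL database, you need to:" follows the paragraph directly. The link text "Downloading CodeQL databases from GitHub.com" also differs from the section heading "Downloading databases from GitHub.com" that the new label in the -379,6 hunk sits above; use one title for both.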
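Review bot: in docs/codeql/reusables/download-github-database.rst, the last added line "TODO: add link to the REST API docs." is ordinary body text, so it will be rendered in the published page wherever this reusable is included. Either add the link in this change or move the reminder into an RST comment (a line starting with ".. ") or a tracking issue. Two smaller points in the same hunk: the endpoint in the added "You can check if a repo has any CodeQL databases available..." sentence is wrapped in single backticks, which RST does not treat as an inline literal, so it should use double backticks. And "the response will be empty" is ambiguous for a reader scripting this check; say whether that means an empty list or no response body. The file also now ends without a trailing newline.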