diff --git a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst index 0ea124501e1..6ffe08708bd 100644 --- a/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst @@ -64,9 +64,9 @@ You can also specify: see `Configuring CodeQL CLI in your CI system `__ in the GitHub documentation. - ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written - in Markdown to SARIF (v2.1.0 or later) analysis results. For each query that runs, CodeQL command - replaces the ``.ql`` extension of the query file with ``.md``. If the .md file exists, - its contents are treated as Markdown-formatted help text for the query and included in the SARIF output. + in Markdown to SARIF (v2.1.0 or later) analysis results. Query help stored in ``.qhelp`` files must be + converted to ``.md`` before running the analysis. For further information, + see ":doc:`Testing query help files `." - .. include:: ../reusables/threads-query-execution.rst 
@@ -206,6 +206,20 @@ A SARIF results file is generated. Specifying ``--format=sarif-latest`` ensures that the results are formatted according to the most recent SARIF specification supported by CodeQL. +.. _including-query-help-for-custom-codeql-queries-in-sarif-files: + +Including query help for custom CodeQL queries in SARIF files +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Code scanning does not process ``.qhelp`` files for custom CodeQL queries, so to show +query help for custom queries in the code scanning UI you must include markdown-rendered query help +in SARIF files generated during an analysis. + +For CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files +by providing the ``--sarif-add-query-help`` option when running +``codeql database analyze``. Query help written in ``.qhelp`` files cannot be include in SARIF files, +somust be converted to markdown before running the analysis. For more information, see +":doc:`Testing query help files `." Results ------- diff --git a/docs/codeql/codeql-cli/testing-query-help-files.rst b/docs/codeql/codeql-cli/testing-query-help-files.rst index ba5cf3901e7..0aafed4f8e7 100644 --- a/docs/codeql/codeql-cli/testing-query-help-files.rst +++ b/docs/codeql/codeql-cli/testing-query-help-files.rst @@ -15,6 +15,10 @@ in the CodeQL repository. The CodeQL CLI includes a command to test query help and render the content as markdown, so that you can easily preview the content in your IDE. Use the command to validate query help files before uploading them to the CodeQL repository or sharing them with other users. +For CodeQL CLI 2.7.1 onwards, you can also include the markdown-rendered query help in SARIF files +generated during CodeQL analyses so that the query help can be displayed in the code scanning UI. +For more information, see +":ref:`Analyzing databases with the CodeQL CLI `." Prerequisites ------------- 
diff --git a/docs/codeql/writing-codeql-queries/query-help-files.rst b/docs/codeql/writing-codeql-queries/query-help-files.rst index b19ff548a66..60c37fce84f 100644 --- a/docs/codeql/writing-codeql-queries/query-help-files.rst +++ b/docs/codeql/writing-codeql-queries/query-help-files.rst @@ -40,6 +40,13 @@ Query help files are written using a custom XML format, and stored in a file wit The header and single top-level ``qhelp`` element are both mandatory. The following sections explain additional elements that you may include in your query help files. +.. pull-quote:: + + Code scanning does not process ``.qhelp`` files for custom CodeQL queries, so to show + query help for custom queries in the code scanning UI you must convert the ``.qhelp`` files to markdown + and then include the markdown-rendered query help in SARIF files generated during an analysis. + For more information, see + ":ref:`Analyzing databases with the CodeQL CLI `." Section-level elements ======================
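Review bot: In the ``--sarif-add-query-help`` bullet of analyzing-databases-with-the-codeql-cli.rst (hunk at line 64), the rewrite deletes the only description of how the CLI finds the help file: it replaces the ``.ql`` extension of the query file with ``.md`` and uses that file if it exists. Someone who converts a ``.qhelp`` file still needs to know that the resulting ``.md`` must have the query's path and base name, otherwise the option silently adds nothing. Suggest keeping one sentence stating that lookup rule ahead of the new "must be converted to ``.md``" sentence.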
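Review bot: Two typos in the last paragraph of the new "Including query help for custom CodeQL queries in SARIF files" section of analyzing-databases-with-the-codeql-cli.rst (hunk at line 206): "cannot be include in SARIF files" should read "cannot be included", and "somust be converted" is missing a space. The section also writes "markdown" in lower case while the ``--sarif-add-query-help`` bullet earlier in the same file writes "Markdown"; use one spelling throughout.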
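Review bot: In testing-query-help-files.rst (hunk at line 15), the cross-reference text "Analyzing databases with the CodeQL CLI" names the whole article, while this patch adds a labelled section ``including-query-help-for-custom-codeql-queries-in-sarif-files`` for exactly this topic. If the reference targets that label, use the section title as the link text so readers know they land on the SARIF subsection. The paragraph also does not say that the rendered ``.md`` file has to be kept next to the query for the analysis to pick it up, which is the step a reader of this page is most likely to miss.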
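Review bot: The ``pull-quote`` block added to query-help-files.rst (hunk at line 40) repeats, almost word for word, the sentence "Code scanning does not process ``.qhelp`` files for custom CodeQL queries ..." that the patch also adds to analyzing-databases-with-the-codeql-cli.rst, so the two copies can drift apart. The docs already pull shared text from ``../reusables/`` (see the ``.. include:: ../reusables/threads-query-execution.rst`` context line in the first hunk); consider moving this sentence into a reusable and including it in both places. It is also worth confirming that ``pull-quote`` with no title renders as a note here, since nothing in the block marks it as one.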