hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 03:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
This commit is contained in:
Felicity Chapman
2021-06-28 12:20:20 +01:00
committed by GitHub
parent 4a8b71a245
commit b52b158c97
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
View File

@@ -111,12 +111,12 @@ see ":doc:`Using custom queries with the CodeQL CLI <using-custom-queries-with-t
Running GitHub code scanning suites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To run the GitHub code scanning suite of queries over a CodeQL datbase for a C/C++ codebase,
To run the GitHub code scanning suite of queries over a CodeQL database for a C/C++ codebase,
you could use the following command from the directory containing your database::
codeql database analyze <cpp-database> cpp-code-scanning.qls --format=sarifv2.1.0 --output=cpp-analysis/cpp-results.sarif
codeql database analyze <cpp-database> cpp-code-scanning.qls --format=sarifv2.1.0 --output=cpp-results.sarif
The analysis generates a file in the v2.1 SARIF format that is supported by all versions of GitHub.
The analysis generates a file in the v2.1.0 SARIF format that is supported by all versions of GitHub.
This file can be uploaded to GitHub using ``github upload-results`` or the code scanning API.
For more information, see `Analyzing a CodeQL database <https://docs.github.com/en/code-security/secure-coding/configuring-codeql-cli-in-your-ci-system#analyzing-a-codeql-database>`__
or `Code scanning API <https://docs.github.com/en/rest/reference/code-scanning>`__ in the GitHub documentation.

7
docs/codeql/codeql-cli/creating-codeql-databases.rst
View File

@@ -53,7 +53,7 @@ more than one language:
- ``--db-cluster``: use for multi-language codebases when you want to create
databases for more than one language.
- ``--command``: used when you create a database for one or more compiled languages,
omit if the only langauges requested are Python and JavaScript.
omit if the only languages requested are Python and JavaScript.
This specifies the build commands needed to invoke the compiler.
Commands are run from the current folder, or ``--source-root``
if specified. If you don't include a ``--command``, CodeQL will attempt to
@@ -76,7 +76,7 @@ build system.
When the database is successfully created, you'll find a new directory at the
path specified in the command. If you used the ``--db-cluster`` option to create
more than one database, a subdirectory is created for each langauge.
more than one database, a subdirectory is created for each language.
Each CodeQL database directory contains a number of
subdirectories, including the relational data (required for analysis) and a
source archive---a copy of the source files made at the time the database was
@@ -98,8 +98,7 @@ are available.
specify a ``--command`` option. Otherwise this overrides the normal
extractor invocation, which will create an empty database. If you create
databases for multiple languages and one of them is a compiled language,
use the ``--no-run-unnecessary-builds`` option to skip the command for these
languages.
use the ``--no-run-unnecessary-builds`` option to skip the command for the languages that don't need to be compiled.
JavaScript and TypeScript
~~~~~~~~~~~~~~~~~~~~~~~~~