hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Docs: add guidance for previous-id tag

Browse Source
This commit is contained in:
Jami Cogswell
2025-03-23 19:29:20 -04:00
parent 631ccdf380
commit cb4e21d0e6
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/query-metadata-style-guide.md
View File

@@ -113,7 +113,7 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties
* `medium` * `medium`
* `high` * `high`
* `very-high` * `very-high`
* `@problem.severity`defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior: * `@problem.severity`defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior:
* `error`an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability. * `error`an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability.
* `warning`an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed. * `warning`an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed.
* `recommendation`an issue where the code behaves correctly, but it could be improved. * `recommendation`an issue where the code behaves correctly, but it could be improved.
@@ -139,6 +139,8 @@ There are also more specific `@tags` that can be added. See, the following pages
Metric queries (`@kind metric`) may have the `summary` tag. If SARIF output is used, the results of these queries can be found at `run[].properties.metricResults`. Metric queries (`@kind metric`) may have the `summary` tag. If SARIF output is used, the results of these queries can be found at `run[].properties.metricResults`.
Queries with alerts that used to be reported on a different query should have a `previous-id:<previous-query-id>` tag to refer back to the query where the alerts were originally reported. For example, if alerts from `java/query-one` are now reported on `java/query-two`, then the metadata for `java/query-two` should contain: `@tags previous-id:java/query-one`.
If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization. When creating your own tags, you should: If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization. When creating your own tags, you should:
* Use all lower-case letters, including for acronyms and proper nouns, with no spaces. All characters apart from * and @ are accepted. * Use all lower-case letters, including for acronyms and proper nouns, with no spaces. All characters apart from * and @ are accepted.