Diese Version von GitHub Enterprise wurde eingestellt am 2021-09-23. Es wird keine Patch-Freigabe vorgenommen, auch nicht für kritische Sicherheitsprobleme. Für eine bessere Leistung, verbesserte Sicherheit und neue Features nimm ein Upgrade auf die neueste Version von GitHub Enterprise vor. Wende Dich an den GitHub Enterprise-Support, um Hilfe beim Upgrade zu erhalten.

Running CodeQL code scanning in a container

You can run code scanning in a container by ensuring that all processes run in the same container.

Code scanning is available if you have a license for GitHub Advanced Security.

Note: Code scanning is in beta in GitHub Enterprise Server 2.22. For the generally available release of code scanning, upgrade to the latest release of GitHub Enterprise Server.

About code scanning with a containerized build

If you're setting up code scanning for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that CodeQL was unable to monitor your code as it was compiled.

You must run CodeQL in the same container in which you build your code. This applies whether you are using the CodeQL runner, or GitHub Actions. If you're using the CodeQL runner, run it in the container where your code builds. For more information about the CodeQL runner, see "Running CodeQL code scanning in your CI system." If you're using GitHub Actions, configure your workflow to run all the actions in the same container. For more information, see "Example workflow."

Dependencies

You may have difficulty running code scanning if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on GitHub's virtual environments. For more information, see the version-specific readme files in these locations:

Example workflow

This sample workflow uses GitHub Actions to run CodeQL analysis in a containerized environment. The value of container.image identifies the container to use. In this example the image is named codeql-container, with a tag of f0f91db. Weitere Informationen findest Du unter „Workflow-Syntax für GitHub Actions“.

name: "CodeQL"

on: 
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '45 15 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        language: [java]

    # Specify the container in which actions will run
    container:
      image: codeql-container:f0f91db

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
      - name: Build
        run: |
          ./configure
          make
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1