github upload-results
Synopsis
codeql github upload-results --repository=<repository-name> --ref=<ref> --commit=<commit> --sarif=<file> [--github-auth-stdin] [--checkout-path=<path>] [--github-url=<url>] <options>...
Description
Uploads a SARIF file to GitHub code scanning.
See: https://docs.github.com/en/rest/reference/code-scanning#upload-an-analysis-as-sarif-data
A GitHub Apps token or personal access token must be set. For best security practices, it is recommended to set the --github-auth-stdin flag and pass the token to the command through standard input. Alternatively, the GITHUB_TOKEN environment variable can be set.
This token must have the security_events scope.
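An added example, not part of the CodeQL documentation: a POSIX shell wrapper that checks the mandatory arguments and hands the token to the command on standard input, as recommended above. The function names, the token-file argument and the 40-hex-character commit check are assumptions of this example.

```shell
#!/bin/sh
# Added example. Hypothetical helper names: valid_repo, valid_ref,
# valid_commit, upload_sarif. The token is read from a file (assumption).

# Repository must be exactly "owner/name" with no spaces.
valid_repo() {
  case "$1" in
    */*/*|/*|*/|*" "*) return 1 ;;
    */*) return 0 ;;
    *) return 1 ;;
  esac
}

# Ref must be fully qualified (refs/...), not a bare branch name.
valid_ref() {
  case "$1" in
    refs/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Commit must be a full 40-character hexadecimal SHA (assumed by this wrapper).
valid_commit() {
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# upload_sarif <owner/name> <ref> <commit> <sarif-file> <token-file>
upload_sarif() {
  repo=$1 ref=$2 commit=$3 sarif=$4 token_file=$5
  valid_repo "$repo"     || { echo "bad repository: $repo" >&2; return 2; }
  valid_ref "$ref"       || { echo "ref must be fully qualified: $ref" >&2; return 2; }
  valid_commit "$commit" || { echo "commit must be a 40-hex SHA" >&2; return 2; }
  [ -r "$sarif" ]        || { echo "SARIF file not readable: $sarif" >&2; return 2; }
  [ -s "$token_file" ]   || { echo "token file missing or empty" >&2; return 2; }
  # The token reaches the CLI only on standard input, so it never appears in
  # the argument list (visible in process listings) or in an exported variable.
  # The --opt=value form keeps a value starting with "-" from parsing as a flag.
  codeql github upload-results \
    --repository="$repo" --ref="$ref" --commit="$commit" \
    --sarif="$sarif" --github-auth-stdin < "$token_file"
}
```

Call it as `upload_sarif github/octocat refs/heads/branch-name <commit> results.sarif <token-file>`, with the token file readable only by the account running the upload.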
Options

-r, --repository=<repository-name>
    [Mandatory] GitHub repository owner and name (e.g., github/octocat) to use as an endpoint for uploading.

-f, --ref=<ref>
    [Mandatory] Name of the ref that was analyzed. If this ref is a pull request merge commit, then use refs/pulls/1234/merge or refs/pulls/1234/head (depending on whether or not this commit corresponds to the HEAD or MERGE commit of the PR). Otherwise, this should be a branch: refs/heads/branch-name

-c, --commit=<commit>
    [Mandatory] SHA of commit that was analyzed.

-s, --sarif=<file>
    [Mandatory] Path to the SARIF file to upload.

-a, --github-auth-stdin
    Accept a GitHub Apps token or personal access token via standard input.
    This overrides the GITHUB_TOKEN environment variable.

-p, --checkout-path=<path>
    Checkout path. Default is the current working directory.

-g, --github-url=<url>
    URL of the GitHub instance to upload to. (Default is https://github.com/)

Common options

-h, --help
    Show this help text.

-J=<opt>
    [Advanced] Give option to the JVM running the command.
    (Beware that options containing spaces will not be handled correctly.)

-v, --verbose
    Incrementally increase the number of progress messages printed.

-q, --quiet
    Incrementally decrease the number of progress messages printed.

--verbosity=<level>
    [Advanced] Explicitly set the verbosity level to one of errors, warnings, progress, progress+, progress++, progress+++. Overrides -v and -q.

--logdir=<dir>
    [Advanced] Write detailed logs to one or more files in the given directory, with generated names that include timestamps and the name of the running subcommand.
    (To write a log file with a name you have full control over, instead give --log-to-stderr and redirect stderr as desired.)