ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

Free, Pro, & Team

日本語

Running CodeQL code scanning in a container

ここには以下の内容があります:

About code scanning with a containerized build

Dependencies

Example workflow

You can run code scanning in a container by ensuring that all processes run in the same container.

Code scanning is available for all public repositories, and for private repositories owned by organizations where GitHub Advanced Security is enabled. 詳しい情報については、「GitHub Advanced Security について」を参照してください。

Note: The CodeQLランナー is being deprecated. Please use the CodeQL CLI version 2.6.2 or greater instead. GitHub Enterprise Server 3.3 will be the final release series that supports the CodeQLランナー. On GitHub Enterprise Cloud, the CodeQLランナー will be supported until March 2022. For more information, see the CodeQL runner deprecation.

About code scanning with a containerized build

If you're setting up code scanning for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that CodeQL was unable to monitor your code as it was compiled.

You must run CodeQL inside the container in which you build your code. This applies whether you are using the CodeQL CLI, the CodeQLランナー, or GitHub Actions. For the CodeQL CLI or the CodeQLランナー, see "Installing CodeQL CLI in your CI system" or "Running CodeQLランナー in your CI system" for more information. If you're using GitHub Actions, configure your workflow to run all the actions in the same container. For more information, see "Example workflow."

Dependencies

You may have difficulty running code scanning if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on GitHub's virtual environments. For more information, see the version-specific readme files in these locations:

Example workflow

This sample workflow uses GitHub Actions to run CodeQL analysis in a containerized environment. The value of container.image identifies the container to use. In this example the image is named codeql-container, with a tag of f0f91db. For more information, see "Workflow syntax for GitHub Actions."

name: "CodeQL"

on: 
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '15 5 * * 3'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read

    strategy:
      fail-fast: false
      matrix:
        language: [java]

    # Specify the container in which actions will run
    container:
      image: codeql-container:f0f91db

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
      - name: Build
        run: |
          ./configure
          make
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1

これらのドキュメントを素晴らしいものにするのを手伝ってください！

GitHubのすべてのドキュメントはオープンソースです。間違っていたり、はっきりしないところがありましたか？Pull Requestをお送りください。

コントリビューションを行う

OR, コントリビューションの方法を学んでください。

問題がまだ解決していませんか？

GitHubコミュニティで質問する

サポートへの連絡

Nov	DEC	Jan
	23
2020	2021	2023