title | description | ms.date | monikerRange |
---|---|---|---|
AdvancedSecurity-Codeql-Init@1 - Advanced Security Initialize CodeQL v1 task | Initializes the CodeQL database in preparation for building. | 06/11/2024 | =azure-pipelines |
:::moniker range="=azure-pipelines"
Initializes the CodeQL database in preparation for building.
You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
:::moniker-end
:::moniker range="=azure-pipelines"
```yaml
# Advanced Security Initialize CodeQL v1
# Initializes the CodeQL database in preparation for building.
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    #languages: # 'csharp' | 'cpp' | 'go' | 'java' | 'javascript' | 'python' | 'ruby' | 'swift'. Languages to analyze.
    #querysuite: 'Select a query suite...' # 'Select a query suite...' | 'code-scanning' | 'security-extended' | 'security-experimental' | 'security-and-quality'. CodeQL Query Suite to use for analysis. Default: Select a query suite....
  # Advanced
    #ram: # string. Options to control RAM usage in MB.
    #threads: # string. Use this many threads to evaluate queries.
    #codeqlpathstoignore: # string. Set a list of paths to exclude in the CodeQL analysis.
    #codeqlpathstoinclude: # string. Set a list of additional paths to include in the CodeQL analysis.
    #sourcesfolder: # string. Sets the folder that contains the sources to be analyzed.
    #loglevel: '_' # '0' | '1' | '2' | '_'. Set the log level for the CodeQL analysis. Default: _.
    #configfilepath: # string. Use this to enable custom query analysis in codeql (path must be absolute).
    #codeqltoolsdirectory: # string. Set a custom CodeQL tools directory (path must be absolute).
```
:::moniker-end
:::moniker range="=azure-pipelines"
`languages` - Languages to analyze
`string`. Allowed values: `csharp`, `cpp`, `go`, `java`, `javascript`, `python`, `ruby`, `swift`.

The programming language to analyze. Multiple languages can be separated by a comma.

You can set the language here in the task, or you can specify the language in a pipeline variable named `advancedsecurity.codeql.language`. If both are set, the value specified in the task takes precedence.
:::moniker-end
:::moniker range="=azure-pipelines"
`querysuite` - CodeQL Query Suite to use for analysis.
`string`. Allowed values: `Select a query suite...`, `code-scanning`, `security-extended`, `security-experimental`, `security-and-quality`. Default value: `Select a query suite...`.

The query suite, i.e. ruleset, used for analysis. You can specify the value here in the task, or you can specify it in a pipeline variable named `advancedsecurity.codeql.querysuite`. If both are set, the value specified in the task takes precedence. The default value is `Select a query suite...`, which indicates that the query suite must be specified in the `advancedsecurity.codeql.querysuite` variable.
:::moniker-end
:::moniker range="=azure-pipelines"
`ram` - Options to control RAM usage in MB
`string`.

Sets the total amount of RAM the query evaluator is allowed to use.

You can specify `ram` here in the task, or you can specify it in a pipeline variable named `advancedsecurity.codeql.ram`. If both are set, the value specified in the task takes precedence.
:::moniker-end
:::moniker range="=azure-pipelines"
`threads` - Use this many threads to evaluate queries
`string`.

You can pass `0` to use one thread per core on the machine, or `-N` to leave N cores unused (except still use at least one thread).

You can specify `threads` here in the task, or you can specify it in a pipeline variable named `advancedsecurity.codeql.threads`. If both are set, the value specified in the task takes precedence.
:::moniker-end
:::moniker range="=azure-pipelines"
`codeqlpathstoignore` - Set a list of paths to exclude in the CodeQL analysis
`string`.

You can provide multiple paths separated by commas. The paths must be relative to the `sourcesfolder` where CodeQL is running, which defaults to the `Build.SourcesDirectory` pipeline environment variable. For example, to ignore the `$(Build.SourcesDirectory)/donotscan` directory, set `codeqlpathstoignore: donotscan` rather than `codeqlpathstoignore: $(Build.SourcesDirectory)/donotscan`.

Important: The `codeqlpathstoignore` setting applies only when you run the CodeQL tasks on an interpreted language (Python, Ruby, and JavaScript/TypeScript).
:::moniker-end
:::moniker range="=azure-pipelines"
`codeqlpathstoinclude` - Set a list of additional paths to include in the CodeQL analysis
`string`.

You can provide multiple paths separated by commas. The paths must be relative to the `sourcesfolder` where CodeQL is running, which defaults to the `Build.SourcesDirectory` pipeline environment variable. For example, to include the `$(Build.SourcesDirectory)/app` directory, set `codeqlpathstoinclude: app` rather than `codeqlpathstoinclude: $(Build.SourcesDirectory)/app`.

Important: The `codeqlpathstoinclude` setting applies only when you run the CodeQL tasks on an interpreted language (Python, Ruby, and JavaScript/TypeScript).
:::moniker-end
:::moniker range="=azure-pipelines"
`sourcesfolder` - Sets the folder that contains the sources to be analyzed
`string`.

If you don't provide this value, the default sources folder for the pipeline infrastructure is used (provided by the `Build.SourcesDirectory` variable).
:::moniker-end
:::moniker range="=azure-pipelines"
`loglevel` - Set the log level for the CodeQL analysis
`string`. Allowed values: `0` (Warning), `1` (Verbose), `2` (Debug), `_` (Default (Warning)). Default value: `_`.

Specify the level of logging.

You can specify `loglevel` here in the task, or you can specify it in a pipeline variable named `advancedsecurity.codeql.loglevel`. If both are set, the value specified in the task takes precedence, unless the default value `_` for `loglevel` in the task is specified. If `_` is specified, the value from `advancedsecurity.codeql.loglevel` is used if available.
:::moniker-end
:::moniker range="=azure-pipelines"
`configfilepath` - Use this to enable custom query analysis in codeql (path must be absolute).
`string`.

If the path is not provided, CodeQL analysis proceeds with the default queries.
:::moniker-end
:::moniker range="=azure-pipelines"
`codeqltoolsdirectory` - Set a custom CodeQL tools directory (path must be absolute)
`string`.

If the path is not provided, the default value of `$agent_toolsdirectory` is used.
:::moniker-end
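The precedence and path rules described for the inputs above can be checked before a pipeline runs. The following Python example is added here and is not code from the task or its vendor; `resolve`, `lint` and `SAMPLE` are hypothetical names, and it assumes that a `$(...)` macro used in `configfilepath` or `codeqltoolsdirectory` expands to an absolute path.

```python
# Added illustration (not the task's implementation): models the input rules
# described on this page. All function names are hypothetical.
from pathlib import PurePosixPath, PureWindowsPath

VAR_PREFIX = "advancedsecurity.codeql."
# Task-side values that mean "not set here, fall back to the variable".
UNSET = {"querysuite": "Select a query suite...", "loglevel": "_"}
# Task input name -> pipeline variable suffix (only `languages` differs).
OVERRIDABLE = {"languages": "language", "querysuite": "querysuite",
               "ram": "ram", "threads": "threads", "loglevel": "loglevel"}
INTERPRETED = {"python", "ruby", "javascript"}

def is_absolute(path):
    return PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute()
def split_csv(value):
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def resolve(inputs, variables):
    """Effective settings: a task input wins over the pipeline variable."""
    effective = {}
    for name, suffix in OVERRIDABLE.items():
        value = inputs.get(name)
        if value in (None, "", UNSET.get(name)):
            value = variables.get(VAR_PREFIX + suffix, UNSET.get(name))
        effective[name] = value
    return effective

def lint(inputs, variables):
    """Return findings for one Init task configuration."""
    effective, findings = resolve(inputs, variables), []
    if effective["querysuite"] == UNSET["querysuite"]:
        findings.append("querysuite: set it in the task or the variable")
    languages = set(split_csv(effective["languages"]))
    for name in ("codeqlpathstoignore", "codeqlpathstoinclude"):
        paths = split_csv(inputs.get(name))
        if paths and not languages & INTERPRETED:
            findings.append(f"{name}: applies only to interpreted languages")
        for path in paths:
            if path.startswith("$(") or is_absolute(path):
                findings.append(f"{name}: '{path}' must be relative")
    for name in ("configfilepath", "codeqltoolsdirectory"):
        path = inputs.get(name)
        # Assumption: a "$(" macro here expands to an absolute path.
        if path and not (path.startswith("$(") or is_absolute(path)):
            findings.append(f"{name}: '{path}' must be absolute")
    return findings

# Constructed sample: wrong path forms for both kinds of path input.
SAMPLE = {"languages": "python", "configfilepath": "cfg.yml",
          "codeqlpathstoignore": "$(Build.SourcesDirectory)/donotscan"}
```

Calling `lint(SAMPLE, {})` reports the missing query suite and both path mistakes; a finding-free result means the inputs follow the rules stated for each parameter.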
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
:::moniker range="=azure-pipelines"
None.
:::moniker-end
You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Important: This task is supported with Azure Repos Git repositories only.

The pipeline must call the tasks in the following order.

1. Initialize CodeQL
2. AutoBuild (or your custom build tasks)
3. Perform CodeQL analysis

The AutoBuild task is optional and may be replaced with your custom build tasks. Either AutoBuild or your custom build tasks must be run for your project to be analyzed.
:::moniker range="=azure-pipelines"
Requirement | Description |
---|---|
Pipeline types | YAML, Classic build, Classic release |
Runs on | Agent, DeploymentGroup |
Demands | None |
Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
Command restrictions | Any |
Settable variables | Any |
Agent version | All supported agent versions. |
Task category | Build |
:::moniker-end