This repository contains an example of how to use CodeQL with Tekton.
- A Kubernetes cluster (taken care of for you if you're using this from a GitHub Codespace)
- Tekton installed on the cluster (taken care of for you if you're using this from a GitHub Codespace)
- A GitHub account with a repository to upload SARIF results to. Make sure GitHub Advanced Security is enabled for the repository.
- A GitHub personal access token with the
security_eventsscope
-
Fork this repository
-
Install the
git-clonetask:kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.6/git-clone.yaml
-
Create a secret containing your GitHub personal access token:
kubectl create secret generic github-token --from-literal=token=<your token>
-
Create a secret containing your ssh key:
kubectl create secret generic my-ssh-credentials --from-file=<path to private key>
-
Update the following values in ./tekton/pipelinerun.yaml
params: - name: github-url value: github.com - name: repository value: bxtp4p-demos/codeql-tekton-example
-
Navigate to the
tektondirectory and add the CodeQL build task and pipeline:cd tekton kubectl apply -f codeql-build-task.yaml -f pipeline.yaml
- Navigate to the
tektondirectory:
cd tektonCreate a pipeline run:
kubectl create -f pipelinerun.yamlView the logs using tkn cli:
tkn pipelinerun logs -f test-codeql-xxxxxYou can see the uploaded SARIF results in the GitHub Security tab in the repository you specified for the repository parameter.
If you're using this from a GitHub Codespace, Tekton installed in Minikube.
Minikube may not be started when you first open the Codespace. If this is the case, you can start it with:
minikube startYou can then install and run the pipeline as described above.
Tekton Dashboard is installed in the Codespace. You can access it by running:
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097Then open up the PORTS tab in the Codespace and click on the link next to 9097. This will open up the Tekton Dashboard in a new browser tab.