source-root is not applied in SARIF output #1147
Comments
Greetings, many thanks for getting in touch with this question. That is indeed what the In particular, you'll want to make a file called

```yaml
paths:
  - packages/react
```

Then, in your

```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: ${{ inputs.languages }}
    config-file: ./.github/codeql/codeql-config.yml
```

I hope that's helpful! Do let me know if that works for you or if you have any further questions.
Thank you @edoardopirovano. This makes sense.
Aha, I see. That is an interesting use case that we don't have an easy path for. Your workaround sounds reasonable, and is what I would've suggested too. We'll certainly keep your scenario in mind if we ever do a major reshuffle of how these parameters are configured! cc. @aeisenberg as the above is likely to be of interest to you.
Thanks for the issue. I think the feature you want is to be able to pass the
I'm not sure if I got the doc wrong, but I have a project with multiple folders and when running CodeQL on a single sub-folder using `source-root` like this:

In the SARIF output, the `artifactLocation.uri` properties are relative to `packages/react`, which once uploaded to GitHub code scanning, yields invalid paths in the repository, as they are relative from the `source-root`, instead of the repository root.
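The path mismatch described in this issue can also be corrected after analysis, by prefixing the source-root onto every relative artifact URI in the SARIF file before it is uploaded. The following is an added example, not code from this thread or from codeql-action, and not necessarily the workaround the participants refer to; `rebase_uri`, `rebase_sarif` and the sample SARIF document are constructed for illustration.

```python
import copy
import posixpath
from urllib.parse import urlsplit

# Constructed sample: URIs relative to the source-root, not the repository root.
SAMPLE = {"version": "2.1.0", "runs": [{
    "artifacts": [{"location": {"uri": "src/App.js"}}],
    "results": [{
        "ruleId": "js/example-rule",  # placeholder rule id
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/App.js"},
            "region": {"startLine": 12}}}],
        "relatedLocations": [{"physicalLocation": {
            "artifactLocation": {"uri": "file:///opt/lib/dep.js"}}}],
    }],
}]}


def rebase_uri(uri, prefix):
    """Prefix a relative URI with the source-root; leave absolute ones alone."""
    if urlsplit(uri).scheme or uri.startswith("/"):
        return uri
    # Heuristic that makes re-runs safe: assumes the source-root contains
    # no nested directory whose path equals the prefix itself.
    if posixpath.normpath(uri).startswith(prefix + "/"):
        return uri
    return posixpath.normpath(posixpath.join(prefix, uri))


def rebase_sarif(sarif, source_root):
    """Return a copy of `sarif` with artifact URIs made repository-relative."""
    prefix = posixpath.normpath(source_root.strip("/"))
    out = copy.deepcopy(sarif)

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                # Results reference files through "artifactLocation"; entries
                # of the run-level "artifacts" array use "location" instead.
                if (key in ("artifactLocation", "location") and isinstance(value, dict)
                        and isinstance(value.get("uri"), str)):
                    value["uri"] = rebase_uri(value["uri"], prefix)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(out.get("runs", []))
    return out
```

Calling `rebase_sarif(SAMPLE, "packages/react")` returns a new document and leaves the input untouched, so the original analysis output can be kept alongside the rewritten file.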