how can codeql include dependencies source in database when building database(maven project) #9055
-
|
I tried to use codeql to review ysoserial,i use --command="mvn clean install --file pom.xml"to package and compile the project to generate the codeql-database,but i found i can only query the class which loaded and used in my code.There should be many classes from commons-collections that contain transform
i want to know how to use codeql to query the third party dependencies' code i really like the codeql, i think its potential is unlimated |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
If you want to analyse the code of commons-collections itself you should create a database for that project, not something that uses it. Or, you could download the ready-made one from lgtm.com: https://lgtm.com/projects/g/apache/commons-collections/ci/#ql |
Beta Was this translation helpful? Give feedback.
-
|
tanks for your reply, that's helpful, i hope codeql could have the function to add the dependencies' code to the code-database in the future |
Beta Was this translation helpful? Give feedback.
If you want to analyse the code of commons-collections itself you should create a database for that project, not something that uses it. Or, you could download the ready-made one from lgtm.com: https://lgtm.com/projects/g/apache/commons-collections/ci/#ql