codeQL checks are failing

[planetf1]

We have made multiple issues with codeQL scans failing in unknown ways

• Upgrade to spring-boot 3 / java 17 #7416
• https://github.com/odpi/egeria/actions/workflows/codeql-v4.yml

• In some cases the analysis of rules just ends
• In some cases the job seems to be terminated
• In other cases the sarif file exceeds 0.5Gb and fails in json processing

Our codebase is large..

CodeQL works by

• running a normal build
• collecting analysis data into a sarif file
• running rules against that file

Options include

• enable debug / try and identify cause
• use a filter to slim the generated sarif file before rule execution
• try and build less components (already tried with removing open types & other tests)
• abandoning codeQL

It's worth noting that sonatype also has issues with our code base - many tools are currently failing due to gradle hitting an out of memory error when analysing dependencies of our 300+ components (IntelliJ can also struggle with its tooling). This may indicate our repo is too large and complex and we need to consider refactoring

For now the codeQL check is not mandatory and will likely fail

[planetf1]

Action that can filter out analysis data by pathname from sarif files
-> https://github.com/advanced-security/filter-sarif

[planetf1]

Additional options

• use the security checks ONLY
• create custom query package

Either/both may still hit size limits on the sarif file due to code volume ...