CodeQL Extractor Action is a GitHub Action that lets you use a CodeQL extractor you have authored in your workflows. It is designed to be used together with CodeQL, a static analysis tool for finding vulnerabilities in your code.
Warning
This action downloads the extractor from the GitHub repository you name, and that extractor then runs inside your workflow. Only use a repository, owner, and extractor you trust, and pin the reference (the "@ref" part of the extractor input) to a specific release rather than relying on whatever is latest.
- Easy to use: The action is designed to be simple and easy to integrate into your existing GitHub Actions workflows.
- End-to-end workflow: The action provides an end-to-end workflow for extracting code from your repository and running CodeQL analysis.
- Customizable: The action allows you to customize the extraction process to fit your specific needs.
```yaml
- name: "CodeQL Extractor Action"
  uses: advanced-security/codeql-extractor-action@v0.1.0
  with:
    # Repository reference (e.g. "owner/repo", "owner/repo@ref")
    extractor: "advanced-security/codeql-extractor-iac"
    # [optional] Language(s) used to verify the extractor
    languages: "iac"
    # [optional] Attest the authenticity of the extractor
    attestation: true
```
What is an Extractor?
A CodeQL extractor is a tool that reads the source code in a repository and converts it into the database format the CodeQL engine analyzes. CodeQL cannot analyze a language without an extractor for it.
How do I create an Extractor?
To create an extractor, create a GitHub repository that publishes the extractor as an artifact / asset attached to a GitHub release. The asset should be a gzip-compressed tarball containing the compiled extractor and every other file it needs to run.
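The release layout described above and the trust warning at the top of this page suggest two habits on the consumer side: parse and validate the "owner/repo@ref" reference before using it, and accept a downloaded tarball only if it matches a digest recorded when the release was reviewed. The script below is an added example, not code from the codeql-extractor-action project. The "latest" fallback for a missing "@ref", the name-validation rules, the digest-pinning step and the check for a codeql-extractor.yml at the archive root are all this example's own assumptions; the extractor contents it packages are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the codeql-extractor-action project's own code):
# parse an extractor reference, build a release tarball from an extractor
# directory, and verify a downloaded tarball against a pinned SHA-256.
set -eu

# Split "owner/repo[@ref]" into "owner repo ref" on one line.
# A missing "@ref" falls back to "latest" (an assumption of this example;
# the action's real default is not documented on this page).
parse_extractor_ref() {
    ref_in=$1
    case "$ref_in" in
        */*@*) ref=${ref_in##*@}; slug=${ref_in%@*} ;;
        */*)   ref=latest;         slug=$ref_in ;;
        *)     echo "invalid extractor reference: $ref_in" >&2; return 1 ;;
    esac
    [ -n "$ref" ] || { echo "empty ref in: $ref_in" >&2; return 1; }
    owner=${slug%%/*}
    repo=${slug#*/}
    # Assumed rule: owner and repo are alphanumerics plus '-', '_' and '.'.
    # Anything else (a second '/', shell metacharacters, '@') is rejected.
    for part in "$owner" "$repo"; do
        case "$part" in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid name component in: $ref_in" >&2; return 1 ;;
        esac
    done
    printf '%s %s %s\n' "$owner" "$repo" "$ref"
}

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Author side: turn an extractor directory into the release asset
# (a gzip tarball) and print its digest for the release notes.
package_extractor() {
    src_dir=$1
    out_tgz=$2
    [ -d "$src_dir" ] || { echo "no such directory: $src_dir" >&2; return 1; }
    # -C keeps paths relative to the extractor root; no absolute paths leak in.
    tar -czf "$out_tgz" -C "$src_dir" .
    sha256_of "$out_tgz"
}

# Consumer side: refuse a tarball whose digest differs from the one pinned
# at review time, then confirm it carries the extractor manifest at its root
# (the codeql-extractor.yml check is an assumption about the packaging).
verify_extractor_tarball() {
    tgz=$1
    expected=$2
    actual=$(sha256_of "$tgz")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tgz: expected $expected, got $actual" >&2
        return 1
    fi
    tar -tzf "$tgz" | grep -q 'codeql-extractor\.yml$' || {
        echo "archive has no codeql-extractor.yml at its root" >&2; return 1; }
    echo ok
}

# Round trip over constructed placeholder content standing in for a
# compiled extractor: package, pin the digest, verify the download.
demo_roundtrip() {
    work=$(mktemp -d)
    mkdir -p "$work/extractor/tools"
    printf 'name: iac\ndisplay_name: Infrastructure as Code\n' \
        > "$work/extractor/codeql-extractor.yml"
    printf '#!/bin/sh\necho extractor\n' > "$work/extractor/tools/autobuild.sh"
    chmod +x "$work/extractor/tools/autobuild.sh"
    digest=$(package_extractor "$work/extractor" "$work/extractor.tar.gz")
    verify_extractor_tarball "$work/extractor.tar.gz" "$digest"
    rm -rf "$work"
}

parse_extractor_ref "advanced-security/codeql-extractor-iac"
demo_roundtrip
```

A reference without "@ref" parses but resolves to the assumed "latest", which is exactly the unpinned case the warning above cautions against; in a real workflow record the digest printed by package_extractor next to the pinned tag so verify_extractor_tarball has something to compare against.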
Contributors: Mathew Payne 💻 🔬 🚧 🛡️ 🤔
Please create a GitHub Issue or GitHub Discussion if you find bugs or have feature requests.
This project uses Semantic Versioning (v2); breaking changes are introduced only in major releases.
This project is licensed under the terms of the MIT open source license. Please refer to the MIT license for the full terms.