Automation to check and block the build if there are high and critical issues #58522
Replies: 3 comments 3 replies
-
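The First, add an

```yaml
- name: Put CodeQL on the path
  env:
    # Step outputs are read through `outputs`; `codeql-path` is the path of the CodeQL binary.
    CODEQL_PATH: '${{ steps.init.outputs.codeql-path }}'
  run: |
    # GITHUB_PATH takes directories, so add the directory that holds the binary.
    dirname "$CODEQL_PATH" >> "$GITHUB_PATH"
```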
-
Was the below expected... Sorry, I am bad at CodeQL coding.
-
Hi all,
As part of DevSecOps, we were trying to implement a build action where, if there are any critical and high issues in the codebase, the build should fail and trigger a mail to the end user.
As part of that, I tried the below action file.
```yaml
name: "CodeQL"

on:
  push:
    branches: [ "master" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    - cron: '45 17 * * 4'

jobs:
  analyze:
    name: Analyze
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
    permissions:
      actions: read
      contents: read
      security-events: write
```
On running the above action.yml file, we are getting the below error:

```
/home/runner/work/_temp/5f8d03e3-a8ff-49ed-b4d5-475ff9f6e90d.sh: line 2: codeql: command not found
```

And they are verifying the vulns count...
Can anyone suggest a solution for the same, or, if anyone has tried to do the same, kindly provide the .yml file which can perform the above action?
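One way to fail the build on high and critical findings, as an added example that is not part of the original discussion or of CodeQL itself: a Python script that reads the SARIF file CodeQL produces and exits non-zero when any result's rule has a `security-severity` of 7.0 or more. The function names, the sample rule ids and the sample SARIF are constructed for illustration, and the path to the real SARIF file is assumed to be passed as the first argument.

```python
import json
import sys

# GitHub code scanning: security-severity >= 9.0 is critical, 7.0-8.9 is high.
THRESHOLD = 7.0

# Constructed sample in the SARIF 2.1.0 shape CodeQL writes (not real output).
SAMPLE_SARIF = {"runs": [{
    "tool": {"driver": {"name": "CodeQL", "rules": []}, "extensions": [{"rules": [
        {"id": "example/sql-injection", "properties": {"security-severity": "8.8"}},
        {"id": "example/weak-hash", "properties": {"security-severity": "5.0"}},
        {"id": "example/unused-import", "properties": {}}]}]},
    "results": [
        {"ruleId": "example/sql-injection", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
        {"ruleId": "example/weak-hash", "locations": []},
        {"ruleId": "example/unused-import"}]}]}

def rule_scores(run):
    """Map rule id -> numeric security-severity for one SARIF run."""
    tool = run.get("tool", {})
    scores = {}
    # Rules can sit on the driver or on extension packs, so read both.
    for component in [tool.get("driver", {})] + tool.get("extensions", []):
        for rule in component.get("rules", []):
            raw = rule.get("properties", {}).get("security-severity")
            if raw is not None:
                scores[rule["id"]] = float(raw)
    return scores

def blocking_findings(sarif, threshold=THRESHOLD):
    """Return (rule id, score, location) for each result at or above threshold."""
    hits = []
    for run in sarif.get("runs", []):
        scores = rule_scores(run)
        for result in run.get("results", []):
            rule_id = result.get("ruleId") or result.get("rule", {}).get("id")
            if rule_id in scores and scores[rule_id] >= threshold:
                loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
                where = "%s:%s" % (loc.get("artifactLocation", {}).get("uri", "?"),
                                   loc.get("region", {}).get("startLine", "?"))
                hits.append((rule_id, scores[rule_id], where))
    return hits

if __name__ == "__main__":
    sarif = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    hits = blocking_findings(sarif)
    for rule_id, score, where in hits:
        print(f"::error::{rule_id} security-severity {score} at {where}")
    sys.exit(1 if hits else 0)  # a non-zero exit fails the workflow step
```

Results whose rule has no `security-severity` property (non-security queries) never block the build in this version.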