AdvancedSecurity-Codeql-Init@1 - Advanced Security Initialize CodeQL v1 task
Initializes the CodeQL database in preparation for building.
You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Syntax
# Advanced Security Initialize CodeQL v1
# Initializes the CodeQL database in preparation for building.
- task: AdvancedSecurity-Codeql-Init@1
inputs:
#languages: # 'csharp' | 'cpp' | 'go' | 'java' | 'javascript' | 'python' | 'ruby' | 'swift'. Languages to analyze.
#querysuite: 'Select a query suite...' # 'Select a query suite...' | 'code-scanning' | 'security-extended' | 'security-experimental' | 'security-and-quality'. CodeQL Query Suite to use for analysis. Default: Select a query suite....
# Advanced
#ram: # string. Options to control RAM usage in MB.
#threads: # string. Use this many threads to evaluate queries.
#codeqlpathstoignore: # string. Set a list of paths to exclude in the CodeQL analysis.
#codeqlpathstoinclude: # string. Set a list of additional paths to include in the CodeQL analysis.
#sourcesfolder: # string. Sets the folder that contains the sources to be analyzed.
#loglevel: '_' # '0' | '1' | '2' | '_'. Set the log level for the CodeQL analysis. Default: _.
#configfilepath: # string. Use this to enable custom query analysis in codeql (path must be absolute).
#codeqltoolsdirectory: # string. Set a custom CodeQL tools directory (path must be absolute).
Inputs
languages - Languages to analyze
string. Allowed values: csharp, cpp, go, java, javascript, python, ruby, swift.
The programming language to analyze. Multiple languages can be separated by a comma.
You can set the language here in the task, or you can specify the language in a pipeline variable named advancedsecurity.codeql.language. If both are set, the value specified in the task takes precedence.
querysuite - CodeQL Query Suite to use for analysis.
string. Allowed values: Select a query suite..., code-scanning, security-extended, security-experimental, security-and-quality. Default value: Select a query suite....
The query suite, i.e. ruleset, used for analysis. You can specify the value here in the task, or you can specify it in a pipeline variable named advancedsecurity.codeql.querysuite. If both are set, the value specified in the task takes precedence. The default value is Select a query suite... which indicates that the query suite must be specified in the advancedsecurity.codeql.querysuite variable.
ram - Options to control RAM usage in MB
string.
Set total amount of RAM the query evaluator should be allowed to use.
You can specify ram here in the task, or you can specify it in a pipeline variable named advancedsecurity.codeql.ram. If both are set, the value specified in the task takes precedence.
threads - Use this many threads to evaluate queries
string.
You can pass 0 to use one thread per core on the machine, or -N to leave N cores unused (except still use at least one thread).
You can specify threads here in the task, or you can specify it in a pipeline variable named advancedsecurity.codeql.threads. If both are set, the value specified in the task takes precedence.
codeqlpathstoignore - Set a list of paths to exclude in the CodeQL analysis
string.
You can provide multiple paths separated by commas. The paths must be relative to the sourcesfolder where CodeQL is running, which defaults to the Build.SourcesDirectory pipeline environment variable. For example, to ignore the $(Build.SourcesDirectory)/donotscan directory, set codeqlpathstoignore: donotscan rather than codeqlpathstoignore: $(Build.SourcesDirectory)/donotscan.
codeqlpathstoinclude - Set a list of additional paths to include in the CodeQL analysis
string.
You can provide multiple paths separated by commas. The paths must be relative to the sourcesfolder where CodeQL is running, which defaults to the Build.SourcesDirectory pipeline environment variable. For example, to include the $(Build.SourcesDirectory)/app directory, set codeqlpathstoinclude: app rather than codeqlpathstoinclude: $(Build.SourcesDirectory)/app.
sourcesfolder - Sets the folder that contains the sources to be analyzed
string.
If you don't provide this value, the default sources folder for the pipeline infrastructure is used (provided by the Build.SourcesDirectory variable).
loglevel - Set the log level for the CodeQL analysis
string. Allowed values: 0 (Warning), 1 (Verbose), 2 (Debug), _ (Default (Warning)). Default value: _.
Specify the level of logging.
You can specify loglevel here in the task, or you can specify it in a pipeline variable named advancedsecurity.codeql.loglevel. If both are set, the value specified in the task takes precedence, unless the default value _ for loglevel in the task is specified. If _ is specified, the value from advancedsecurity.codeql.loglevel is used if available.
configfilepath - Use this to enable custom query analysis in codeql (path must be absolute).
string.
If path is not provided, then codeql analysis will proceed with default queries.
codeqltoolsdirectory - Set a custom CodeQL tools directory (path must be absolute)
string.
If the path is not provided, the default value of $agent_toolsdirectory will be utilized.
Task control options
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
Output variables
None.
Remarks
You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Important
This task is supported with Azure Repos Git repositories only.
The pipeline must call the tasks in the following order.
- Initialize CodeQL
- AutoBuild (or your custom build tasks)
- Perform CodeQL analysis
The AutoBuild task is optional and may be replaced with your custom build tasks. Either AutoBuild or your custom build tasks must be run for your project to be analyzed.
Requirements
| Requirement | Description |
|---|---|
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | All supported agent versions. |
| Task category | Build |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for