CodeQL can scan C# applications without requiring a supported build configuration or build command (public beta) #954
Labels
beta (Feature phase: Beta)
codeql (Feature: GitHub codeql)
github advanced security (Product SKU: GitHub Advanced Security)
Summary
Enable CodeQL to scan C# applications, without requiring a build command or a configuration that can be automatically recognized to reproduce the build. The improvements to C# scanning will increase the number of applications that can be scanned with minimal configuration.
Intended Outcome
Currently, a C# application can be scanned with CodeQL only if a build command is specified or the application can be compiled with the CodeQL autobuilders. This new approach will allow users to scan significantly more C# repos without requiring additional configuration. This will improve the overall adoption of CodeQL for C#.
How will it work?
In the current state, CodeQL requires a working build that can be automatically replicated by CodeQL's autobuilders or a manual build command supplied in the configuration. After this change, users will be able to point CodeQL to C# applications which previously did not have a working autobuilder or a manual build command in the configuration. CodeQL will automatically extract as much of the C# code as possible and run a security analysis.