This project aims at making it easier to start using GitHub CodeQL by packaging CodeQL CLI together with precompiled CodeQL queries in a Docker image.
You can build our own Docker image from the provided Dockerfile or use the prebuilt image to start using CodeQL CLI and run queries on your projects without installing it on your local machine.
Build the docker image using the command below:
$ docker build -f Dockerfile -t codeql-container:dev .Start running CodeQL queries on your project with a single command:
$ docker run --rm -v "<source-directory>:/opt/src" -v "<results-directory>:/opt/results" codeql-container:dev <command> [options]Input/Output directories
source-directory: The directory containing the source code to scan, must map this directory to the container's/opt/srcdirectory.results-directory: The directory to store the scan results, must map this directory to the container's/opt/resultsdirectory.
Commands
| Command | Description |
|---|---|
help |
Print the help information and exit |
security |
Run the security and quality analyzing query pack |
security-extended |
Run the security analyzing extended query pack |
scan |
Run the standard code scanning query pack |
Options
| Option | Required | Default Value | Description |
|---|---|---|---|
-l=language or --language=language |
true | The programming language of the source code to scan, for example --language=java |
|
-o=format or --output=format |
false | sarif-latest |
The output format of the scan results, for example --output=csv |
--override |
false | Override the results directory if it is not empty |
- Supported output formats includes
csvorsarif. See CodeQL CLI documentation for more details. - Supported languages: see CodeQL CLI documentation for more details.
Example:
$ docker run -it --rm -v "/home/fazledyn/source/:/opt/src" -v "/home/fazledyn/result/:/opt/results" codeql-container:dev security --override --language=go --output=csvThis project draws inspiration from the microsoft/codeql-container repository and incorporates insights from travisgosselin's comment. The modified version fixes some run-time bugs from the forked version such as- CodeQL not being able to create /opt/results/codeql-db or log file.
This project is licensed under the MIT License - see the LICENSE.md file for details.
Feel free to create pull requests or issues to report bugs or suggest new features. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue.
If you find this project useful, please start it.