The Wayback Machine - https://web.archive.org./web/20201019204629/https://docs.github.com/es/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container
Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.

Explorar por producto

GitHub.com
English
Versión del artículo: Free, Pro, and Team
Free, Pro, and Team Enterprise Server 2.22
Versión del artículo: Free, Pro, and Team
Free, Pro, and Team Enterprise Server 2.22

Running CodeQL code scanning in a container

You can run escaneo de código in a container by ensuring that all processes run in the same container.

Escaneo de código is available in public repositories, and in private repositories owned by organizations with an Advanced Security license. Para obtener más información, consulta la sección "Productos de GitHub".

En este artículo

¿Te ayudó este documento?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.

Nota: Escaneo de código se encuentra acutalmente en beta y está sujeto a cambios. To request access to the beta, join the waitlist.

About escaneo de código with a containerized build

If you're setting up escaneo de código for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that CodeQL was unable to monitor your code as it was compiled.

You must run CodeQL in the same container in which you build your code. This applies whether you are using the CodeQL runner, or GitHub Actions. If you're using the CodeQL runner, run it in the container where your code builds. For more information about the CodeQL runner, see "Running CodeQL in your CI system." If you're using GitHub Actions, configure your workflow to run all the actions in the same container. For more information, see "Example workflow."

Dependencies

You may have difficulty running escaneo de código if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on GitHub's virtual environments. For more information, see the version-specific readme files in these locations:

Example workflow

This sample workflow uses GitHub Actions to run CodeQL analysis in a containerized environment. The value of container.image identifies the container to use. In this example the image is named codeql-container, with a tag of f0f91db. For more information, see "Workflow syntax for GitHub Actions."

name: "CodeQL"

on: 
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * 0'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest 

    strategy:
      fail-fast: false
      matrix:
        language: [java]

    # Specify the container in which actions will run
    container:
      image: codeql-container:f0f91db

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
    - name: Build
      run: |
        ./configure
        make
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1

¿Te ayudó este documento?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.

Still need help?

Ask the GitHub community Contactar con soporte técnico

Producto

Plataforma

Asistencia

Empresa