From 290b34d5dfd896189952af7799c14e04bb6aed67 Mon Sep 17 00:00:00 2001 From: Ana Armas Romero <54946499+anaarmas@users.noreply.github.com> Date: Mon, 4 May 2020 19:55:51 +0200 Subject: [PATCH 1/3] Note in readme about go analysis in macos-latest --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f61fdee5c..a0fade7a0 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ env: to `github/codeql-action/analyze`. -### If you do not use a vendor directory +#### If you do not use a vendor directory Dependencies on public repositories should just work. If you have dependencies on private repositories, one option is to use `git config` and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) to authenticate when downloading dependencies. Add a section like @@ -163,6 +163,10 @@ dotnet build /p:UseSharedCompilation=false Version 3 does not require the additional flag. +### Analysing Go together with other languages on `macos-latest` + +This is currently not possible for Java, C/C++, or C#. + ## License This project is released under the [MIT License](LICENSE). From 4fff14bba4a36c1aee5e81ad2b0a229df30cd4b7 Mon Sep 17 00:00:00 2001 From: Robert Date: Wed, 6 May 2020 10:55:34 +0100 Subject: [PATCH 2/3] Update README.md --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f61fdee5c..5de83cb3f 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,12 @@ This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/semmle/ql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code. +## License + +This project is released under the [MIT License](LICENSE). + +The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled. + ## Usage To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template: @@ -162,7 +168,3 @@ dotnet build /p:UseSharedCompilation=false ``` Version 3 does not require the additional flag. - -## License - -This project is released under the [MIT License](LICENSE). From 4c11b3d9bf7b4658602568713bef2078aa498e66 Mon Sep 17 00:00:00 2001 From: Ana Armas Romero <54946499+anaarmas@users.noreply.github.com> Date: Fri, 8 May 2020 20:16:30 +0200 Subject: [PATCH 3/3] rephrase Go support limitations --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0fade7a0..c94da7b1d 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ Version 3 does not require the additional flag. ### Analysing Go together with other languages on `macos-latest` -This is currently not possible for Java, C/C++, or C#. +When running on macos it is currently not possible to analyze Go in conjunction with any of Java, C/C++, or C#. Each language can still be analyzed separately. ## License
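
Review bot: In [PATCH 1/3], the first README.md hunk (@@ -137,7 +137,7 @@) demotes `### If you do not use a vendor directory` to `####`, which the subject "Note in readme about go analysis in macos-latest" does not mention. Either note the heading-level fix in the commit message or split it into its own commit, and confirm that any sibling heading in that section (not visible in this hunk) ends up at the same level so the outline stays consistent.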
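
Review bot: In [PATCH 1/3], hunk @@ -163,6 +163,10 @@, the added body line `This is currently not possible for Java, C/C++, or C#.` depends on the heading for its subject and says nothing about what still works, so a reader who lands on the sentence alone cannot tell what is unsupported. Name the subject in the sentence itself and state the fallback. [PATCH 3/3] rewrites this same line, so squashing it into this patch would avoid committing the interim wording.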
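
Review bot: In [PATCH 2/3], hunk @@ -2,6 +2,12 @@, the added sentence beginning `As such, this action may be used on open source projects hosted on GitHub, and on private repositories ...` restates the linked CodeQL terms in the README's own words, so the summary can drift from the terms it paraphrases. Say explicitly that the linked GitHub CodeQL Terms and Conditions are authoritative, and give the commit a subject more specific than "Update README.md", since this hunk adds usage conditions rather than a cosmetic edit.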
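
Review bot: In [PATCH 2/3], hunk @@ -162,7 +168,3 @@ removes the trailing `## License` section and expects it to follow `Version 3 does not require the additional flag.` directly, but [PATCH 1/3] inserts the `### Analysing Go together with other languages on macos-latest` section between those two lines. The index line shows this patch starts from f61fdee5c, the same base as 1/3, so it will not apply on top of 1/3 in the numbered order. Rebase it onto a0fade7a0 and regenerate the series; [PATCH 3/3] also carries `## License` as trailing context after the Go section, which no longer holds once this hunk is applied.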
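
Review bot: In [PATCH 3/3], hunk @@ -165,7 +165,7 @@, the new sentence writes `macos` in lower case and `analyze` with a z, while the heading directly above it keeps `macos-latest` in code formatting and spells `Analysing` with an s. Use `macos-latest` (or "macOS") in the sentence and pick one spelling for heading and body; a comma after the introductory clause "When running on macos" would also make it easier to read.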