CodeQL & Sonar analysis #374

Workflow file for this run

.github/workflows/codeql-analysis.yml at 13f077c

	name: "CodeQL & Sonar analysis"

	on:
	push:
	branches: [ main ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ main ]
	schedule:
	- cron: '28 3 * * 6'

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	language: [ 'java' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@main

	- name: Set up JDK 17
	uses: actions/setup-java@main
	with:
	distribution: 'temurin'
	java-version: 17

	- name: Cache SonarCloud packages
	uses: actions/cache@main
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@main
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@main
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality
	- name: Autobuild
	uses: github/codeql-action/autobuild@main
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@main

	- name: Archive codeQl result
	uses: actions/upload-artifact@main
	with:
	name: Code-QL result (sarif file)
	path: /home/runner/work/codeql2sonar-maven-plugin/results/*.sarif
	retention-days: 10

	- name: convert codeQL results into sonar's generic issues format
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	mvn -B install
	mvn -B codeql2sonar:SonarIssueReporter -Dcodeql2sonar.sarif.inputfile=/home/runner/work/codeql2sonar-maven-plugin/results/java.sarif -Dcodeql2sonar.sarif.ignoreTests=true -Dcodeql2sonar.sarif.outputfile=/home/runner/work/codeql2sonar-maven-plugin/results/sonar-cql-issues.json

	- name: Archive conversion result
	uses: actions/upload-artifact@main
	with:
	name: conversion result (json file)
	path: /home/runner/work/codeql2sonar-maven-plugin/results/sonar-cql-issues.json
	retention-days: 10

	- name: update Sonar with findings
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.externalIssuesReportPaths=/home/runner/work/codeql2sonar-maven-plugin/results/sonar-cql-issues.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CodeQL & Sonar analysis #374

Workflow file

CodeQL & Sonar analysis #374

Jobs

Run details

Workflow file for this run