github-actions codeql

GitHub Actions: CodeQL Analysis results


I have integrated CodeQL in my GitHub project via the website. It works: it analyses and produces SARIF files. And then it says that results were successfully uploaded:

    Uploading results
      Processing sarif files: ["/home/runner/work/my_project/results/cpp-builtin.sarif"]
      Uploading results
      Successfully uploaded results

Where? Where can I find these results and read them? How does CodeQL indicate that issues were found? My .yaml contains:

    - run: |
       sudo -n apt-get install -y autopoint gettext
       autoreconf --install
       ./configure
       make
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1

Solution

  • GitHub repository -> Security tab -> Code scanning alerts

    GitHub docs
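To read a SARIF file directly, such as the `cpp-builtin.sarif` named in the log above, the results can be listed with a short script. This is an added example, not part of the original answer or of CodeQL itself; `summarize_sarif` is a hypothetical helper and the embedded SARIF document, including its rule ids, is constructed sample data.

```python
import json

# Constructed sample in SARIF 2.1.0 layout (not real CodeQL output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "cpp/example-rule-a",
             "defaultConfiguration": {"level": "error"}},
            {"id": "cpp/example-rule-b"},
        ]}},
        "results": [
            {"ruleId": "cpp/example-rule-a",
             "message": {"text": "Constructed finding A."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main.c"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "cpp/example-rule-b", "level": "note", "locations": [],
             "message": {"text": "Constructed finding B."}},
        ],
    }],
})

def summarize_sarif(text):
    """Return one (level, rule_id, location, message) tuple per result."""
    findings = []
    for run in json.loads(text).get("runs", []):
        tool = run.get("tool", {})
        components = [tool.get("driver", {})] + tool.get("extensions", [])
        # Rule id -> default level, used when a result carries no "level".
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for c in components for r in c.get("rules", [])}
        for res in run.get("results", []):
            rule = res.get("ruleId", "<no rule id>")
            # SARIF treats a missing level as "warning".
            level = res.get("level") or defaults.get(rule) or "warning"
            where = "<no location>"
            if res.get("locations"):
                phys = res["locations"][0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                line = phys.get("region", {}).get("startLine")
                where = f"{uri}:{line}" if line else uri
            findings.append((level, rule, where,
                             res.get("message", {}).get("text", "")))
    return findings

if __name__ == "__main__":
    for finding in summarize_sarif(SAMPLE_SARIF):
        print("%-8s %-22s %-16s %s" % finding)
```

For a real run, pass the contents of the SARIF file to `summarize_sarif` instead of `SAMPLE_SARIF`; an empty list means the analysis reported no results.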