Tags: pre-commit-hook, pre-commit, codeql, sast

Running pre-commit hooks with CodeQL/GHAS SAST scans?


I'm just getting started with CodeQL and we have a requirement from our devs to run CodeQL SAST scans as pre-commit hooks. I could not find any docs on how to set up CodeQL to make it run on my machine.

Additional context (to answer questions below):

  1. Devs will not have CodeQL installed on their laptops (Windows and Mac)
  2. I would like to also automate the installation of the CodeQL CLI
  3. Reading the docs, it looks like I also need a CodeQL database; can that setup be automated?

In essence, I would like to make the install "almost" transparent to the devs, with minimal effort needed on their side.


Solution

  • Similar to your other question, this is probably not possible (but if in doubt, contact GitHub Enterprise support).

    A few potential issues:

    If you are creating an open source project on GitHub, or if your company is using GitHub for development, then it would be easiest to set up code scanning with CodeQL, instead of trying to set up something locally.
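For readers who nonetheless want to see what the CLI-driven approach from the question would involve, the following is an added example and is not part of the question or the answer above. It shows the pieces such a hook needs: detecting whether the standalone CodeQL CLI is on PATH (and stepping aside with a notice when it is not, so devs without the CLI are not blocked), building the commands for `codeql database create` and `codeql database analyze`, and gating the commit on the SARIF results. It assumes a Python project scanned with the `codeql/python-queries` pack; the `SAMPLE_SARIF` document is constructed here for the `--dry-run` path and for tests, and the field layout follows SARIF 2.1.0 as emitted by CodeQL.

```python
"""Pre-commit hook sketch: scan the working tree with the CodeQL CLI and block
the commit when the SARIF output contains findings at or above FAIL_ON.

Assumptions (not from the question or answer): the `codeql` CLI is on PATH,
the project is Python, and the standard `codeql/python-queries` pack is used.
"""
import json
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

LANGUAGE = "python"                   # assumed project language
QUERY_PACK = "codeql/python-queries"  # standard CodeQL pack for that language
FAIL_ON = "warning"                   # block the commit on warning or error

# SARIF levels in increasing severity; 'none' is used for informational results.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample in the shape CodeQL emits; used by --dry-run and tests only.
SAMPLE_SARIF = {
    "runs": [{
        "tool": {"driver": {"rules": [
            {"id": "py/sql-injection", "defaultConfiguration": {"level": "error"}},
            {"id": "py/unused-import", "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection",
             "message": {"text": "Query built from user-controlled input."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/unused-import", "message": {"text": "Unused import."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 3}}}]},
            # Explicit level overrides the rule default; no location given.
            {"ruleId": "py/clear-text-logging", "level": "warning",
             "message": {"text": "Sensitive data logged in clear text."}},
        ],
    }]
}


def codeql_available():
    """True when the CodeQL CLI is on PATH; the hook prints a notice otherwise."""
    return shutil.which("codeql") is not None


def build_commands(source_root, db_dir, sarif_path):
    """The two CLI steps: create the database, then analyze it into SARIF."""
    create = ["codeql", "database", "create", str(db_dir),
              f"--language={LANGUAGE}", f"--source-root={source_root}", "--overwrite"]
    analyze = ["codeql", "database", "analyze", str(db_dir), QUERY_PACK,
               "--download", "--format=sarif-latest", f"--output={sarif_path}"]
    return create, analyze


def result_level(result, rules_by_id):
    """Level of a result: explicit field, else the rule's default, else 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def blocking_findings(sarif, fail_on=FAIL_ON):
    """Return (ruleId, uri, line, level, message) for results at or above fail_on."""
    threshold = LEVEL_RANK[fail_on]
    findings = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for result in run.get("results", []):
            level = result_level(result, rules_by_id)
            if LEVEL_RANK.get(level, 0) < threshold:
                continue
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", 0)
            findings.append((result.get("ruleId", "?"), uri, line, level,
                             result.get("message", {}).get("text", "")))
    return findings


def main(argv):
    if "--dry-run" in argv:
        sarif = SAMPLE_SARIF  # exercise the gating logic without the CLI
    elif not codeql_available():
        print("pre-commit: codeql CLI not found; skipping SAST scan", file=sys.stderr)
        return 0
    else:
        repo = subprocess.check_output(
            ["git", "rev-parse", "--show-toplevel"], text=True).strip()
        with tempfile.TemporaryDirectory() as tmp:
            db_dir, sarif_path = Path(tmp) / "codeql-db", Path(tmp) / "results.sarif"
            for cmd in build_commands(repo, db_dir, sarif_path):
                subprocess.run(cmd, check=True)
            sarif = json.loads(sarif_path.read_text())
    findings = blocking_findings(sarif)
    for rule, uri, line, level, msg in findings:
        print(f"{level}: {uri}:{line}: [{rule}] {msg}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Installed as `.git/hooks/pre-commit` (or as a local hook in a pre-commit framework config), this scans the whole working tree rather than only the staged changes, and a full database build plus analysis typically takes minutes, which is the practical reason such scans usually run in CI rather than on every commit.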