Skip to content

Commit 49575f8

Browse files
robertbrignullrobertbrignull
authored
Merge branch 'master' into external_queries_tmp_dir
2 parents ab918b6 + 5a800cc commit 49575f8

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

README.md

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,12 @@
22

33
This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/semmle/ql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
44

5+
## License
6+
7+
This project is released under the [MIT License](LICENSE).
8+
9+
The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.
10+
511
## Usage
612

713
To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template:
@@ -137,7 +143,7 @@ env:
137143

138144
to `github/codeql-action/analyze`.
139145

140-
### If you do not use a vendor directory
146+
#### If you do not use a vendor directory
141147

142148
Dependencies on public repositories should just work. If you have dependencies on private repositories, one option is to use `git config` and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) to authenticate when downloading dependencies. Add a section like
143149

@@ -163,6 +169,6 @@ dotnet build /p:UseSharedCompilation=false
163169

164170
Version 3 does not require the additional flag.
165171

166-
## License
172+
### Analysing Go together with other languages on `macos-latest`
167173

168-
This project is released under the [MIT License](LICENSE).
174+
When running on macos it is currently not possible to analyze Go in conjunction with any of Java, C/C++, or C#. Each language can still be analyzed separately.

0 commit comments

Comments
 (0)