Getting started with Visual Studio CodeQL Extension #14387
Hey @stephenegriffin! Thank you for the question and taking the time to describe your thought process and experience here 🙇🏻 I am sorry that you haven't had a good experience here and haven't been able to get the analysis to work locally. The VSCode extension is primarily aimed at developing queries and testing them on existing databases (or taking individual, existing queries and testing them). The VSCode extension would be the right choice for you if you were expecting not to make any changes to the code of your project, but rather explore why a particular query produces the results it does. To create a database from a codebase and run a full analysis on it, you should use the CodeQL CLI directly. You can find the documentation for the CLI at https://docs.github.com/en/code-security/codeql-cli, but let me know if you have any questions about using that. This is the right choice if you are expecting to primarily make changes to the code of your project, and run the full query suite after each iteration.
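The CLI route the reply recommends, as an added example that is not part of the discussion and not the CodeQL project's own code: a POSIX shell wrapper that builds a database from a source tree and runs the default code-scanning suite, producing the same SARIF the Action uploads. It assumes `codeql` from a CLI bundle (which ships the standard query packs) is on PATH; the function names and the DRY_RUN variable are this script's own.

```shell
#!/bin/sh
# Added example, not code from the discussion or from the CodeQL project:
# reproduce the GitHub Action's analysis locally with the CodeQL CLI.
# Assumes `codeql` (a CLI bundle, which ships the standard query packs) is
# on PATH. Function names and the DRY_RUN variable are this script's own.
set -eu

# Languages the CodeQL CLI can build a database for.
supported_language() {
    case "$1" in
        cpp|csharp|go|java|javascript|python|ruby|swift) return 0 ;;
        *) return 1 ;;
    esac
}

# Default suite code scanning runs for a language, e.g. javascript-code-scanning.qls
default_suite() {
    printf '%s-code-scanning.qls' "$1"
}

# Run a command, or just print it when DRY_RUN=1 (lets you check the
# exact CLI invocation before spending minutes on a build).
run_or_show() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# $1 = language, $2 = source root, $3 = database dir, $4 = SARIF output
run_local_analysis() {
    lang="$1"; src="${2:-.}"; db="${3:-codeql-db}"; out="${4:-results.sarif}"
    supported_language "$lang" || { echo "unsupported language: $lang" >&2; return 2; }
    if [ "${DRY_RUN:-0}" != "1" ]; then
        command -v codeql >/dev/null 2>&1 || { echo "codeql CLI not on PATH" >&2; return 1; }
    fi
    # Step 1: extract the source tree into a CodeQL database (the part the
    # VS Code extension does not do for you).
    run_or_show codeql database create "$db" --language="$lang" --source-root="$src" --overwrite
    # Step 2: run the code-scanning suite and write SARIF, the same format the
    # Action uploads; open it in VS Code's SARIF viewer or inspect it with jq.
    run_or_show codeql database analyze "$db" "$(default_suite "$lang")" \
        --format=sarif-latest --output="$out"
}

# Usage: ./local-codeql.sh javascript ./src codeql-db results.sarif
if [ "$#" -gt 0 ]; then
    run_local_analysis "$@"
fi
```

Once results.sarif exists, the VS Code extension (or a SARIF viewer) can show the same findings the Action reports, and you can rebuild and re-analyze after each code change.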
I cannot figure out how to get started with this extension. All I want to do is run the same CodeQL analysis that I get from the GitHub CodeQL action locally so I can iterate on resolutions to the identified problems. I figured I would install the extension, hit some sort of "run now" button and be on my way, but it looks like it's much more complicated than that.
I'm trying to follow the steps given here:
https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/
Installing the extension: Check - I think I got that.
Configuring access to the CodeQL CLI: Unclear why this is even a step since it says the extension manages the CLI for me. So I think I got past this?
Setting up a CodeQL workspace: I'll be honest, I haven't the foggiest idea what this section is asking me to do. I've got clones of all sorts of CodeQL projects on my hard drive now but no idea how to use them. I think the "Updating an existing workspace for CodeQL" section may be trying to tell me how to set this up, but I'm really not making sense of what it's asking me to do.
I then try to work through these steps:
https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/
I feel like I'm having a major conceptual failure in how CodeQL works. Setting up the github action was so easy and turnkey - I don't understand why running it locally isn't as well.