Skip to content

codeql should analyze lib not dist #620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 20, 2021
Merged

codeql should analyze lib not dist #620

merged 1 commit into from
Oct 20, 2021

Conversation

ericsciple
Copy link
Contributor

No description provided.

thboop
thboop approved these changes Oct 20, 2021
View reviewed changes
Copy link
Contributor

@thboop thboop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. We should see if we can request the codeql action take an allowlist/ignorelist if possible

@ericsciple ericsciple merged commit fd47087 into main Oct 20, 2021
@ericsciple ericsciple deleted the users/ericsciple/21-10-codeql branch October 20, 2021 20:11
@adityasharad
Copy link

👋 Greetings from the CodeQL team! Just spotted this in passing and wanted to offer a suggestion.
CodeQL's JavaScript analysis can do TypeScript parsing, so I think you could omit the build step entirely in your Actions workflow, and it will analyse the .ts files. The only thing you'll miss out is code that is generated only during the build (if any).

If you still need to filter out directories from being scanned, see these docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thboop thboop thboop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ericsciple @adityasharad @thboop