
Limitations - Documenting behaviors of renaming the tool in the uploaded SARIF #2

@felickz

This method renames the CodeQL tool in the results, which breaks CodeQL Autofix and may affect other features of Code Scanning.

Legacy Scans + Alert Closure

If a configuration is no longer utilized (e.g. EOL of a service in a monorepo) and there is a shared piece of code that is scanned for each service, it is CRITICAL that the old tool configuration (CodeQL-EOLservice) is removed. Missing uploads of a tool will prevent an alert from closing even after the alert is remediated. Viewing the Affected branches can make this apparent; choose the 🗑️ symbol on the missing configuration.

Autofix

CodeQL Autofixes are not generated when analyses are uploaded with a renamed tool.

Tool Status Page

  • The Code Scanning Tool Status Page does not properly identify CodeQL as the intended tool, and file coverage information is not shown.

  • If any of the jobs in a configuration fails to upload, you will see a failing status for ALL "tools" that are scanning from the same job.

Repo Rulesets

Enforcing "Require code scanning results" will require a configuration for every iteration of the tool name.
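A pre-upload check for the limitations above, added here as an example and not part of this issue or of CodeQL: it walks the runs of a SARIF 2.1.0 document, flags every run whose tool.driver.name is no longer "CodeQL", and compares the tool names in a new batch of uploads against the names previously uploaded so that configurations that stopped uploading (the ones that keep alerts from closing) are listed for removal. The sample SARIF and the set of previous tool names are constructed.

```python
import json
from collections import Counter

# Constructed sample: two runs from one monorepo job, one renamed per service
# as this issue describes, one left as plain CodeQL.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "CodeQL-EOLservice"}},
            "automationDetails": {"id": "EOLservice/"},
            "results": [],
        },
        {"tool": {"driver": {"name": "CodeQL"}}, "results": []},
    ],
}


def audit_tool_names(sarif, expected="CodeQL"):
    """One finding per run: index, driver name, category, and whether renamed.

    A run whose driver name differs from `expected` is shown by Code Scanning as
    a separate tool, which is what triggers the limitations above (no Autofix,
    a separate Tool Status entry, a separate ruleset requirement).
    """
    findings = []
    for idx, run in enumerate(sarif.get("runs", [])):
        name = run.get("tool", {}).get("driver", {}).get("name", "")
        category = run.get("automationDetails", {}).get("id")
        findings.append({"run": idx, "tool": name, "category": category,
                         "renamed": name != expected})
    return findings


def stale_configurations(previous_tool_names, current_sarifs):
    """Tool names uploaded before but absent from this batch of SARIF files.

    Each name returned is a configuration that must be deleted in the UI,
    otherwise alerts it owns stay open even after the code is fixed.
    """
    current = Counter(f["tool"] for s in current_sarifs for f in audit_tool_names(s))
    return set(previous_tool_names) - set(current)


def load_and_audit(path, expected="CodeQL"):
    with open(path, encoding="utf-8") as fh:
        return audit_tool_names(json.load(fh), expected)


if __name__ == "__main__":
    for f in audit_tool_names(SAMPLE_SARIF):
        print(f"run {f['run']}: tool={f['tool']!r} category={f['category']!r} "
              f"{'RENAMED' if f['renamed'] else 'ok'}")
    print("stale:", stale_configurations({"CodeQL-payments", "CodeQL"}, [SAMPLE_SARIF]))
```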
