Content review #1

Merged
merged 4 commits into from
Sep 5, 2024
copy edits to step 1
janiceilene committed Jul 3, 2024
commit 9d1f847e3a39a649fbefc6e24db3bb77b3d35792
12 changes: 6 additions & 6 deletions .github/steps/1-codeql-language-matrix.md
@@ -9,23 +9,23 @@ CodeQL language matrices allow you to configure your CodeQL workflows with a lan
### Importance of using languages matrices with code scanning

1. **Simplicity**: Using a language matrix with CodeQL simplifies your workflow by allowing you to manage multiple languages in a single workflow file. This eliminates the need for separate workflows for each language, making your code scanning process more streamlined and manageable.
2. **Flexibility**: A language matrix provides flexibility as it allows you to easily add or remove languages from your workflow. This means you can quickly adapt your code scanning process to changes in your project's language usage.
2. **Flexibility**: A language matrix provides flexibility, as it allows you to easily add or remove languages from your workflow. This means you can quickly adapt your code scanning process to changes in your project's language usage.
3. **Consistency**: By using a language matrix, you ensure consistent code scanning across all languages used in your project. This helps maintain the quality and security of your codebase, regardless of the language it's written in.

Remember, a well-configured CodeQL setup is key to maintaining a secure and reliable codebase.

### :keyboard: Activity: Configure your `codeql.yml` file to use a language matrix

1. Navigate to the `Code` tab and locate the `.github/workflows` folder.
1. Add the following content to the `codeql.yml` file before the steps section:
1. In the `Code` tab, locate the `.github/workflows` folder.
1. In the `codeql.yml` file, above the `steps` section, add the following:
```yaml
strategy:
fail-fast: false
matrix:
language: [ 'go', 'java-kotlin', 'javascript-typescript', 'python' ]
# CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
# Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# Use only 'java-kotlin' to analyze code written in Java, Kotlin, or both
# Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript, or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

```
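Review bot: The heading at the top of this hunk, "### Importance of using languages matrices with code scanning", still reads "languages matrices" while every list item under it says "language matrix". Since this commit copy-edits the section, change the heading to "language matrices" as well. The YAML block also keeps an empty line between the last comment and the closing fence; it can be dropped so the snippet copies cleanly.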
@@ -35,7 +35,7 @@ Remember, a well-configured CodeQL setup is key to maintaining a secure and reli
with:
languages: ${{ matrix.language }}
```
1. Finally we need to add the language matrix to the CodeQL analyze action. Add the following to the CodeQL analyze action:
1. Finally, we need to add the language matrix to the CodeQL analyze action. Add the following to the CodeQL analyze action:
```yaml
with:
category: ${{ matrix.language }}
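Review bot: The edited step "Finally, we need to add the language matrix to the CodeQL analyze action. Add the following to the CodeQL analyze action:" names the analyze action twice and keeps the "we need to" phrasing, while the steps rewritten earlier in this commit use the direct form ("In the `codeql.yml` file, above the `steps` section, add the following:"). Suggest "Finally, in the CodeQL analyze action, add the following:". The snippet sets `category` from `matrix.language`, so the step could also say that this is what the value is used for rather than "add the language matrix".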