CodeQL CLI and containers #14400
I am running into a problem where I cannot create a database for my project. The CLI tool is integrated into our pipeline, which in this case is Jenkins. The project uses a build script which builds the project by creating a container, in this case Docker. When passing the build script as part of the database creation, I ran into the error "No source code was seen during the build". The project still builds, however. From the documentation it seems the scan must happen inside the container. My understanding is I must do the code scan there and not from the pipeline. Is there a workaround? I don't want to add the scan inside the container. This, IMO, defeats the purpose of having the pipeline initiate the scan.
Hi @sam-cha-tfs,

For compiled languages we need to observe the compilations in order to produce precise databases that correctly reflect your code as it is compiled. If the code is compiled inside a container (such as Docker) we're not able to monitor these compilations, and so the code will be missing from the generated database (this is what the "No source code was seen during the build" refers to). I can understand that this isn't the ideal setup, and we're working on various initiatives to make setting up Code Scanning easier.
Yes, if you're building your code inside a container then CodeQL must also run inside the container (for the time being) so that we can observe the build steps.
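
One way to keep the pipeline in charge while the traced build runs inside the container, as an added example that is not from the thread's participants or the CodeQL project: the Jenkins step mounts an unpacked CodeQL CLI into the existing build image at run time and wraps the build command in `codeql database create`. The image name, paths, language and build command are assumptions, as is a Linux CLI bundle that can execute inside that image.

```shell
#!/bin/sh
# Added example: pipeline-initiated CodeQL database creation that executes
# inside the build container. Every default below is a hypothetical value.
CODEQL_HOME="${CODEQL_HOME:-/opt/codeql}"           # unpacked CLI on the agent (assumed)
BUILD_IMAGE="${BUILD_IMAGE:-example/build:latest}"  # hypothetical build image
LANGUAGE="${LANGUAGE:-cpp}"                         # hypothetical compiled language
BUILD_CMD="${BUILD_CMD:-make}"                      # hypothetical build command
WORKSPACE="${WORKSPACE:-$PWD}"                      # set by Jenkins on the agent

# Emit the docker arguments one per line, so a build command that contains
# spaces stays a single --command=... argument.
codeql_container_args() {
    printf '%s\n' \
        run --rm \
        -v "$WORKSPACE:/src" \
        -v "$CODEQL_HOME:/opt/codeql:ro" \
        -w /src \
        "$BUILD_IMAGE" \
        /opt/codeql/codeql database create /src/codeql-db \
        "--language=$LANGUAGE" \
        --source-root=/src \
        "--command=$BUILD_CMD" \
        --overwrite
}

# Run the container, or only print the command line when DRY_RUN=1.
run_scan_build() {
    old_ifs=$IFS
    IFS='
'
    set -f                         # no globbing while splitting on newlines
    set -- $(codeql_container_args)
    set +f
    IFS=$old_ifs
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "docker $*"
    else
        docker "$@"
    fi
}

# Called from the Jenkins sh step as: ./codeql-build.sh run
if [ "${1:-}" = run ]; then
    run_scan_build
fi
```

The database is written to `codeql-db` in the mounted workspace, so it remains on the agent after the container exits.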