注意
本文介绍了此版 GitHub Enterprise Server 的初始发行版中包含的 CodeQL 操作版本和相关 CodeQL CLI 捆绑包中可用的功能。 如果企业使用较新版本的 CodeQL 操作,请参阅本文的 GitHub Enterprise Cloud 版本,了解有关最新功能的信息。 有关使用最新版本的信息,请参阅“为设备配置代码扫描”。
If you're using advanced setup and your workflow doesn't explicitly specify the languages to analyze, CodeQL implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++、C#、Go、Java、Kotlin、Rust(公共预览版)、和 Swift, CodeQL only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
The following extracts from a workflow show how you can use a matrix within the job strategy to specify languages, and then reference each language within the "Initialize CodeQL" step:
jobs:
analyze:
permissions:
security-events: write
actions: read
# ...
strategy:
fail-fast: false
matrix:
language: ['csharp', 'c-cpp', 'javascript-typescript']
steps:
# ...
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
For more information about editing the workflow, see 自定义代码扫描的高级设置.