Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

codeQL checks are failing #7499

Closed
planetf1 opened this issue Mar 7, 2023 · 2 comments · Fixed by #7508 or #7500
Closed

codeQL checks are failing #7499

planetf1 opened this issue Mar 7, 2023 · 2 comments · Fixed by #7508 or #7500

Comments

@planetf1
Copy link
Member

planetf1 commented Mar 7, 2023

We have made multiple issues with codeQL scans failing in unknown ways

  • In some cases the analysis of rules just ends
  • In some cases the job seems to be terminated
  • In other cases the sarif file exceeds 0.5Gb and fails in json processing

Our codebase is large..

CodeQL works by

  • running a normal build
  • collecting analysis data into a sarif file
  • running rules against that file

Options include

  • enable debug / try and identify cause
  • use a filter to slim the generated sarif file before rule execution
  • try and build less components (already tried with removing open types & other tests)
  • abandoning codeQL

It's worth noting that sonatype also has issues with our code base - many tools are currently failing due to gradle hitting an out of memory error when analysing dependencies of our 300+ components (IntelliJ can also struggle with its tooling). This may indicate our repo is too large and complex and we need to consider refactoring

For now the codeQL check is not mandatory and will likely fail

@planetf1 planetf1 changed the title codeQL checks are failing unreliably codeQL checks are failing Mar 7, 2023
@planetf1
Copy link
Member Author

planetf1 commented Mar 7, 2023

Action that can filter out analysis data by pathname from sarif files
-> https://github.com/advanced-security/filter-sarif

@planetf1
Copy link
Member Author

planetf1 commented Mar 7, 2023

Additional options

  • use the security checks ONLY
  • create custom query package

Either/both may still hit size limits on the sarif file due to code volume ...

planetf1 added a commit to planetf1/egeria that referenced this issue Mar 9, 2023
planetf1 added a commit to planetf1/egeria that referenced this issue Mar 19, 2023
Update codeQL configuration to limit RAM use odpi#7499
planetf1 added a commit to planetf1/egeria that referenced this issue Mar 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant