@@ -16,48 +16,63 @@ We shall continue to add more features and would be happy to accept contribution
1616### Basic Usage
1717
1818#### Downloading a pre-built container
19+
1920We keep updating the docker image periodically and uploading it to the Microsoft Container Registry at: mcr.microsoft.com/codeql/codeql-container.
2021You can run the image by running the command:
22+
2123```
2224$ docker run --rm mcr.microsoft.com/codeql/codeql-container
2325```
2426
2527If you want to analyze a particular source directory with codeql, run the container as:
28+
2629```
2730$ docker run --rm --name codeql-container mcr.microsoft.com/codeql/codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS=<query run...>
2831```
29- where /dir/to/analyze contains the source files that have to be analyzed, and /dir/for/results is where the result output
32+ where ` /dir/to/analyze ` contains the source files that have to be analyzed, and ` /dir/for/results ` is where the result output
3033needs to be stored, and you can specify QL_PACKS environment variable for specific QL packs to be run on the provided code.
3134For more information on CodeQL and QL packs, please visit https://www.github.com/github/codeql .
32- CODEQL_CLI_ARGS are the arguments that will be directly passed on to the codeql-cli. Some examples of CODEQL_CLI_ARGS are:
35+
36+ ` CODEQL_CLI_ARGS ` are the arguments that will be directly passed on to the codeql-cli. Some examples of ` CODEQL_CLI_ARGS ` are:
37+
3338```
34- CODEQL_CLI_ARGS = database create /opt/src/source_db
39+ CODEQL_CLI_ARGS=" database create /opt/src/source_db"
3540```
41+
3642** Note:** If you map your source volume to some other mountpoint other than /opt/src, you will have to make the corresponding changes
37- in the CODEQL_CLI_ARGS.
43+ in the ` CODEQL_CLI_ARGS ` .
3844
3945There are some additional docker environment variables that you can specify to control the execution of the container:
40- * CHECK_LATEST_CODEQL_CLI - If there is a newer version of codeql-cli, download and install it
41- * CHECK_LATEST_QUERIES - if there is are updates to the codeql queries repo, download and use it
42- * PRECOMPILE_QUERIES - If we downloaded new queries, precompile all new query packs (query execution will be faster)
43- WARNING: Precompiling query packs might take a few hours, depending on speed of your machine and the CPU/Memory limits (if any)
44- you have placed on the container.
45-
46- Since codeql first creates a database of the code representation, and then analyzes the db for issues, we need a few commands to
47- analyze a source code repo.
48- For example, if you want to analyze a python project source code placed in /dir/to/analyze (or C:\dir\to\analyze for example, in windows),
49- to analyze and get a sarif result file, you will have to run:
46+
47+ * ` CHECK_LATEST_CODEQL_CLI ` - If there is a newer version of codeql-cli, download and install it
48+ * ` CHECK_LATEST_QUERIES ` - if there is are updates to the codeql queries repo, download and use it
49+ * ` PRECOMPILE_QUERIES ` - If we downloaded new queries, precompile all new query packs (query execution will be faster)
50+
51+ ** WARNING:** Precompiling query packs might take a few hours, depending on speed of your machine and the CPU/memory limits (if any)
52+ you have placed on the container.
53+
54+ Since CodeQL first creates a database of the code representation, and then analyzes the db for issues, we need a few commands to
55+ analyze a source code repo.
56+
57+ For example, if you want to analyze a python project source code placed in ` /dir/to/analyze ` (or ` C:\dir\to\analyze ` for example, in Windows),
58+ to analyze and get a SARIF result file, you will have to run:
59+
60+ ```
5061$ docker run --rm --name codeql-container mcr.microsoft.com/codeql/codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database create --language=python /opt/src/source_db"
5162$ docker run --rm --name codeql-container mcr.microsoft.com/codeql/codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database analyze --format=sarifv2 --output=/opt/results/issues.sarif /opt/src/source_db
52-
5363```
54- This command will run all the ql packs related to security and output the results to the results folder.
64+
65+ This command will run all the QL packs related to security and output the results to the results folder.
5566
5667#### Building the container
68+
5769Building the container should be pretty straightforward.
70+
71+ ```
5872git clone ...
5973cd src
6074docker build . -f Dockerfile -t codeql-container
75+ ```
6176
6277# Contributing
6378
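Review bot: In each `docker run` example in this hunk (the one after "run the container as:" and both commands in the Python example) the `-v` and `-e` options are placed after the image name `mcr.microsoft.com/codeql/codeql-container`, so Docker hands them to the container's entrypoint as arguments instead of applying them to the run: the source and results volumes are never mounted and `CODEQL_CLI_ARGS` is never set in the container. Move the options before the image, e.g. `$ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database create --language=python /opt/src/source_db" mcr.microsoft.com/codeql/codeql-container`. Smaller points in the same region: the second command of the Python example is missing the closing double quote after `/opt/src/source_db`; the example value `CODEQL_CLI_ARGS=" database create /opt/src/source_db"` carries a stray leading space inside the quotes; and the `CHECK_LATEST_QUERIES` bullet still reads "if there is are updates" in the new text.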