A tool to post process files that are generated by the CodeQL CLI.
Currently supports adding version control provenance information to databases and sarif files generated by the CodeQL CLI.
The tool supports both bundled (a zip archived database) and unbundled databases.
codeql-postproc database add-vcs-provenance --repository-uri https://github.com/rvermeulen/codeql-postproc --revision-id 0b3ee0ba4e2972da7b8f95e53cf1abe2e5d0b35c main <database>[.zip]
The tool expects a Sarif file with v2.1.0.
codeql-postproc sarif add-vcs-provenance --repository-uri https://github.com/rvermeulen/codeql-postproc --revision-id 0b3ee0ba4e2972da7b8f95e53cf1abe2e5d0b35c <sarif>
or from a database with provenance information
codeql-postproc sarif add-vcs-provenance --from-database <database>[.zip] <sarif>
The tool provides the command database get-property
to query the database meta data and user properties (currently only the version control provenance is supported through this tool).
Here are some examples of querying for database properties:
-
Database target language.
codeql-postproc database get-property primaryLanguage <database>[.zip]
-
Database meta data.
codeql-postproc database get-property creationMetadata <database>[.zip]
To get nested properties use the .
character to index dictionaries and the [0]
to index arrays.
Here are some examples of querying nested database properties:
-
CLI version part of the database meta data.
codeql-postproc database get-property creationMetadata.cliVersion <database>[.zip]
-
The
revisionId
part of the first element of theversionControlProvenance
array.codeql-postproc database get-property 'versionControlProvenance[0].revisionId' <database>[.zip]
By default the tool outputs JSON, but the option --format YAML
can be used to output YAML.