GitHub Actions queries for CodeQL analysis

CodeQL includes many queries for analyzing GitHub Actions workflows. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see CodeQL query suites.

Built-in queries for GitHub Actions analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Примечание.

The initial release of GitHub Enterprise Server 3.19 included CodeQL action and CodeQL CLI 2.22.4, which may not include all of these queries. Your site administrator can update your CodeQL version to a newer release. For more information, see Configuring code scanning for your appliance.

Query name	Related CWEs	Default	Extended	Copilot Autofix
Artifact poisoning	829
Cache Poisoning via caching of untrusted files	349
Cache Poisoning via execution of untrusted code	349
Cache Poisoning via low-privileged code injection	349, 094
Checkout of untrusted code in a privileged context	829
Checkout of untrusted code in trusted context	829
Code injection	094, 095, 116
Environment variable built from user-controlled sources	077, 020
Excessive Secrets Exposure	312
Improper Access Control	285
PATH environment variable built from user-controlled sources	077, 020
Storage of sensitive information in GitHub Actions artifact	312
Unmasked Secret Exposure	312
Untrusted Checkout TOCTOU	367
Untrusted Checkout TOCTOU	367
Use of a known vulnerable action	1395
Workflow does not contain permissions	275
Artifact poisoning	829
Checkout of untrusted code in trusted context	829
Code injection	094, 095, 116
Environment variable built from user-controlled sources	077, 020
PATH environment variable built from user-controlled sources	077, 020
Unpinned tag for a non-immutable Action in workflow	829

Кто может использовать эту функцию?

Built-in queries for GitHub Actions analysis