
Limitations - Documenting behaviors of renaming the tool in the uploaded SARIF #2

@felickz

Description

This method renames the CodeQL tool in the results, which breaks CodeQL Autofix and may affect other features of Code Scanning.

Legacy Scans + Alert Closure

If a configuration is no longer utilized (EOL of a service in a monorepo) and there is a shared piece of code that is scanned for each service, it is CRITICAL that the old tool configuration (CodeQL-EOLservice) is removed. Missing uploads of a tool will prevent an alert from closing even after the alert is remediated. Viewing the Affected branches can make this apparent; choose the 🗑️ symbol on the missing configuration.

Autofix

CodeQL Autofixes are not generated when analyses are uploaded with a renamed tool.

Tool Status Page

  • Code Scanning - Tool Status Page does not properly identify CodeQL as the intended tool, and file coverage information is not shown.

  • If any of the jobs in a configuration fails to upload, you will see failing status for ALL "tools" that are scanning from the same job.

Repo Rulesets

Enforcing "Require code scanning results" will require a configuration for every variant of the tool name.
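As an added example (not part of this issue or of CodeQL), a small Python audit of a SARIF log that flags runs whose tool.driver.name was rewritten away from "CodeQL" and lists tool names that have stopped being uploaded; the SARIF fragment, rule ids and service names are constructed.

```python
"""Audit a SARIF log for CodeQL runs uploaded under a renamed tool name.

Constructed scenario: a monorepo scans one shared library once per service and
rewrites tool.driver.name to "CodeQL-<service>". Code Scanning treats each name
as a separate tool, so a name that stops being uploaded leaves its alerts open.
"""
import json

EXPECTED_TOOL = "CodeQL"

# Constructed SARIF 2.1.0 fragment: two renamed uploads plus one unmodified
# run that keeps the tool name and is distinguished via automationDetails.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [
        {"tool": {"driver": {"name": "CodeQL-EOLservice"}},
         "results": [{"ruleId": "js/xss"}]},
        {"tool": {"driver": {"name": "CodeQL-billing"}},
         "results": [{"ruleId": "js/xss"}, {"ruleId": "js/sql-injection"}]},
        {"tool": {"driver": {"name": "CodeQL"}},
         "automationDetails": {"id": "billing/"},
         "results": []},
    ],
})


def audit_runs(sarif_text, expected=EXPECTED_TOOL):
    """Return one record per run: tool name, category, result count, renamed flag."""
    log = json.loads(sarif_text)
    records = []
    for run in log.get("runs", []):
        name = run.get("tool", {}).get("driver", {}).get("name", "")
        records.append({
            "tool": name,
            # Code Scanning's upload category is runAutomationDetails.id in SARIF.
            "category": run.get("automationDetails", {}).get("id"),
            "results": len(run.get("results", [])),
            "renamed": name != expected,
        })
    return records


def stale_tools(previous_uploads, current_uploads):
    """Tool names present in earlier uploads but absent now. Each one is a
    configuration to delete from the alert's Affected branches view, otherwise
    alerts that only that configuration reported will never close."""
    return sorted(set(previous_uploads) - set(current_uploads))
```

Run it against a real upload by replacing SAMPLE_SARIF with the file contents; any record with renamed=True is a configuration that must keep being uploaded or be deleted explicitly.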
