Greg K-H (gregkh@social.kernel.org)'s status on Saturday, 16-Nov-2024 16:41:48 JST Greg K-H
@captainepoch Odd, works for me!
How about this https://github.com/gregkh/usbutils/security/code-scanning
And it's obviously picking up the temp files that meson uses for "does this compiler have this feature" but that's temp files, and not actually in the repo itself. Surely tools like meson are handled properly, right?
tbodt (tbodt@mastodon.social)'s status on Saturday, 16-Nov-2024 16:49:19 JST tbodt
@gregkh @captainepoch oh here is where it got configured https://github.com/gregkh/usbutils/commit/15f33f0dc49ec58c8761fa33da2afc0486164610
Greg K-H (gregkh@social.kernel.org)'s status on Saturday, 16-Nov-2024 16:49:19 JST Greg K-H
@tbodt @captainepoch Yes, enabling it is good. Stupid tests claiming problems that are not actually present at all are not good.
Drowns out any potential real issues.
tbodt (tbodt@mastodon.social)'s status on Saturday, 16-Nov-2024 16:49:20 JST tbodt
@gregkh @captainepoch this is probably only visible to repo admins (because security issues shouldn't be disclosed publicly or something). also i did a quick web search and found the docs https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
Greg K-H (gregkh@social.kernel.org)'s status on Saturday, 16-Nov-2024 17:38:20 JST Greg K-H
@tbodt codeql really wants to build the code, as I'm guessing it is doing so with a compiler hack to get at the files needed to analyze. I guess we can turn that off, let me try that out...
tbodt (tbodt@mastodon.social)'s status on Saturday, 16-Nov-2024 17:38:21 JST tbodt
@gregkh your last toot showed errors in meson generated files so maybe delete the Build step from the codeql workflow? i'm not sure why exactly you'd want that in static analysis. though there must be some reason the original author put it there so i'm not too sure either way.
tbodt (tbodt@mastodon.social)'s status on Saturday, 16-Nov-2024 17:38:31 JST tbodt
@gregkh oh here is how you ignore specific paths https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan
Greg K-H (gregkh@social.kernel.org)'s status on Saturday, 16-Nov-2024 17:38:31 JST Greg K-H
@tbodt Oh, nice, let me attempt that...
Greg K-H (gregkh@social.kernel.org)'s status on Saturday, 16-Nov-2024 17:47:04 JST Greg K-H
@tbodt Nope, didn't work. Or I got the yaml wrong, which is probably the real reason here...
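A workflow layout that addresses the noise discussed in this thread, as an added example; it is not the usbutils workflow nor the commit linked above. It assumes a meson project built in a `builddir` output directory, a `master` branch, and whatever `-dev` packages the project needs (omitted here). The `paths-ignore` key and the `config-file` input are documented CodeQL features; the ordering of the steps is the part that targets the problem Greg describes, because for C/C++ the CodeQL extractor records compiler invocations made after the `init` step, and meson compiles its "does this compiler support X" probes during `meson setup`, so running setup before `init` keeps those throwaway programs out of the database.

```yaml
# .github/workflows/codeql.yml  (added example, not the project's own file)
name: "CodeQL"

on:
  push:
    branches: [ master ]        # assumed branch name
  pull_request:
    branches: [ master ]

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write    # required to upload code-scanning results
      contents: read

    steps:
      - uses: actions/checkout@v4

      # Configure BEFORE CodeQL is initialised. Compiler invocations in this
      # step are not traced, so meson's feature probes (the temp files under
      # builddir/meson-private/) never reach the CodeQL database.
      - name: Configure (meson setup, untraced)
        run: |
          sudo apt-get update
          sudo apt-get install -y meson ninja-build   # plus project -dev deps (assumed)
          meson setup builddir

      - uses: github/codeql-action/init@v3
        with:
          languages: c-cpp
          config-file: ./.github/codeql/codeql-config.yml

      # Only the real build is traced from here on.
      - name: Build (traced)
        run: meson compile -C builddir

      - uses: github/codeql-action/analyze@v3

---
# .github/codeql/codeql-config.yml  (added example; second document in this block)
name: "Ignore meson build output"
paths-ignore:
  - builddir      # meson's output tree, including meson-private/ probe sources
```

The `paths-ignore` entry is defence in depth rather than the fix: the docs linked earlier in the thread note that for compiled languages the build steps, not the paths list, determine what gets extracted, which is a plausible reason the "didn't work" attempt above had no effect on its own. Whether remaining alerts under those paths are additionally filtered out of the uploaded results is an assumption to verify against the current documentation. CodeQL also offers a build-free mode for C/C++ (`build-mode: none` on the `init` step) that avoids tracing entirely; check the docs for whether it suits the project before relying on it.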