Commit f4438aa

Update README.md
In preparation of making the project open source
1 parent bd55222 commit f4438aa

1 file changed

+46
-3
lines changed

README.md

Lines changed: 46 additions & 3 deletions
@@ -1,5 +1,48 @@
1-
# Overview
2-
[CodeQL](https://codeql.github.com/) models and queries for the SAP frameworks:
1+
# CodeQL: SAP Javascript frameworks
2+
This repository contains [CodeQL](https://codeql.github.com/) models and queries for SAP Javascript frameworks:
33
- [CAP](javascript/frameworks/cap) (https://cap.cloud.sap/)
44
- [UI5](javascript/frameworks/ui5) (https://sapui5.hana.ondemand.com/)
5-
- [XSJS](javascript/frameworks/xsjs) (https://www.npmjs.com/package/@sap/async-xsjs)
5+
- [XSJS](javascript/frameworks/xsjs) (https://www.npmjs.com/package/@sap/async-xsjs)
6+
7+
### Published CodeQl packs
8+
- [advanced-security/javascript-sap-cap-queries](https://github.com/advanced-security/codeql-sap-js/pkgs/container/javascript-sap-cap-queries)
9+
- [advanced-security/javascript-sap-ui5-queries](https://github.com/advanced-security/codeql-sap-js/pkgs/container/javascript-sap-ui5-queries)
10+
- [advanced-security/javascript-sap-async-xsjs-queries](https://github.com/advanced-security/codeql-sap-async-xsjs/pkgs/container/javascript-sap-async-xsjs-queries)
11+
12+
## Usage
13+
14+
### Building the CodeQL database
15+
16+
1. Include and index XML, JSON and CDS files by setting the necessary environment variables:
17+
```
18+
export LGTM_INDEX_XML_MODE='ALL'
19+
export LGTM_INDEX_FILETYPES=".json:JSON\n.cds:JSON"
20+
```
21+
2. Compile all the CDS files using the SAP cds toolkit
22+
```
23+
npm install -g @sap/cds-dk
24+
for cds_file in $(find . -type f \( -iname '*.cds' \) -print)
25+
do
26+
cds compile $cds_file \
27+
-2 json \
28+
-o "$cds_file.json" \
29+
--locations
30+
done
31+
```
32+
3. Build the database [as usual](https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual/database-create)
33+
```
34+
codeql database create <DB_NAME> --language=javascript
35+
```
36+
37+
### Analyzing the database [with Code Scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-query-packs)
38+
[Example](https://github.com/advanced-security/codeql-sap-js/blob/main/.github/codeql/codeql-config.yaml#L3-L7).
39+
40+
### Analyzing the database with [with the CodeQL CLI](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#using-a-codeql-pack-to-analyze-a-codeql-database).
41+
Example:
42+
```
43+
codeql database analyze <DB_NAME> advanced-security/javascript-sap-ui5-queries --download --format=sarif-latest --output=<OUTPUT_FILE>
44+
```
45+
46+
## License
47+
48+
The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).
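
Review bot: In step 2 of "Building the CodeQL database", the loop `for cds_file in $(find . ...)` combined with the unquoted `cds compile $cds_file` is subject to word splitting and glob expansion, so a .cds file under a path containing a space is not compiled and never reaches the database, which silently reduces what the queries can see. Suggest iterating with `find . -type f -iname '*.cds' -print0 | while IFS= read -r -d '' cds_file` and quoting `"$cds_file"` in the compile call, as the `-o "$cds_file.json"` argument already does. In step 1, the `\n` inside the double-quoted `LGTM_INDEX_FILETYPES` value is passed by the shell as a backslash followed by `n`, not a newline; if the two mappings are meant to be newline-separated, write the value as `$'.json:JSON\n.cds:JSON'`, otherwise note in the README that the literal sequence is intended. The `npm install -g @sap/cds-dk` line installs whatever version is current, so pinning a version would keep database builds reproducible. Smaller points: "CodeQl" in the "Published CodeQl packs" heading should read "CodeQL", the CLI heading reads "with [with the CodeQL CLI]" and ends in a period, and the third pack link points at the `codeql-sap-async-xsjs` repository while the other two point at `codeql-sap-js`, which is worth confirming before publication.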
