CodeQL CLI --ref option #14122
-
| In our CI/CD we are not using actions. Instead we use the CLI commands to create and analyze the database for a project. In the final step we have to upload the sarif file to GitHub. How do we get the name of the ref we are analyzing? On a push it seems pretty straight forward that the ref is just  | 
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
| If you're talking about a pull request context then you can use the ref  For the merge it would be  Note, though, that full integration of the results into the PR (where annotations for found alerts are put into the diff) might possibly only work if GitHub actually knows the merge commit. So if you create a merge commit locally you might not see annotations because the code scanning logic is looking for a different commit sha than the one you provided. I think you should be able to get data about these refs via  | 
Beta Was this translation helpful? Give feedback.
They are two different refs that point to the same commit, yes.