A helper python library to integrate CodeQL into Jenkins pipelines and output a sarif file.
The library can download CodeQL if it's not found. By default it looks for codeql ./codeql, ~/codeql and C:/Program Files/codeql. It runs on both Python 2.7 and 3.x.
For example, for a sample C# app located in C:/app:
from codeql_jenkins import Scan source_root = "./app" build_command = "dotnet clean && dotnet build" db_name = "codeql-db" language = "csharp" queries = "codeql/csharp" sarif_output_name = "codeql-results.sarif" scan = Scan() scan.retrieve_codeql() scan.create_database(build_command, db_name, source_root, language) scan.analyze_database(db_name, queries, sarif_output_name)INFO:root:Looking for CodeQL INFO:root:Didn't find CodeQL in codeql INFO:root:Didn't find CodeQL in C:\Users\slemos\codeql INFO:root:Didn't find CodeQL in C:\Program Files\codeql INFO:root:Dowloading codeql INFO:root:Extracting codeql INFO:root:Using CodeQL from C:\Sources\codeql_jenkins\codql_jenkins\codeql\codeql.cmd INFO:root:Creating database ... INFO:root:Wrote sarif to codeql-results.sarif This repository is provided as-is and isn't bound to Malwarebytes' SLA.