Example of running CodeQL in Tekton

License

MIT, Apache-2.0 licenses found

Licenses found

MIT
LICENSE
Apache-2.0
LICENSE.txt
bxtp4p-demos/codeql-tekton-example

CodeQL Tekton Example

This repository contains an example of how to use CodeQL with Tekton.

Prerequisites

  • A Kubernetes cluster (taken care of for you if you're using this from a GitHub Codespace)
  • Tekton installed on the cluster (taken care of for you if you're using this from a GitHub Codespace)
  • A GitHub account with a repository to upload SARIF results to. Make sure GitHub Advanced Security is enabled for the repository.
  • A GitHub personal access token with the security_events scope

Setup

  1. Fork this repository

  2. Install the git-clone task:

    kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-clone/0.6/git-clone.yaml
  3. Create a secret containing your GitHub personal access token:

    kubectl create secret generic github-token --from-literal=token=<your token>
  4. Create a secret containing your ssh key:

    kubectl create secret generic my-ssh-credentials --from-file=<path to private key>
  5. Update the following values in ./tekton/pipelinerun.yaml:

    params:
    - name: github-url
      value: github.com
    - name: repository
      value: bxtp4p-demos/codeql-tekton-example
  6. Navigate to the tekton directory and add the CodeQL build task and pipeline:

    cd tekton
    kubectl apply -f codeql-build-task.yaml -f pipeline.yaml
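
An alternative to step 3 that keeps the personal access token out of shell history and process arguments, shown as an added example (it is not part of this repository). The secret name github-token and key token come from step 3; the function name, the token-file argument and the allowed token character set are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the repository: render the github-token Secret from
# a file instead of passing the token with --from-literal on the command line.
# Hypothetical usage: render_github_token_secret <token-file> | kubectl apply -f -

render_github_token_secret() {
  token_file=$1

  if [ ! -f "$token_file" ]; then
    echo "token file not found: $token_file" >&2
    return 1
  fi

  # Refuse a token file that group or other users can read.
  if [ -n "$(find "$token_file" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo "refusing: $token_file is readable by group/other (chmod 600 it)" >&2
    return 1
  fi

  # Strip CR/LF: a trailing newline stored in the Secret makes the token invalid.
  token=$(tr -d '\r\n' < "$token_file")

  # Assumption: tokens consist of letters, digits and underscores only.
  case $token in
    ''|*[!A-Za-z0-9_]*)
      echo "refusing: token is empty or contains unexpected characters" >&2
      return 1 ;;
  esac

  # printf is a shell builtin, so the token never shows up in a process listing.
  encoded=$(printf '%s' "$token" | base64 | tr -d '\n')

  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: github-token
type: Opaque
data:
  token: $encoded
EOF
}
```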

Running the pipeline

  1. Navigate to the tekton directory:

    cd tekton
  2. Create a pipeline run:

    kubectl create -f pipelinerun.yaml
  3. View the logs using the tkn CLI, replacing test-codeql-xxxxx with the name of the pipeline run that was created:

    tkn pipelinerun logs -f test-codeql-xxxxx

You can see the uploaded SARIF results in the GitHub Security tab in the repository you specified for the repository parameter.

GitHub Codespace

If you're using this from a GitHub Codespace, Tekton is installed in Minikube.

Minikube may not be started when you first open the Codespace. If this is the case, you can start it with:

    minikube start

You can then install and run the pipeline as described above.

Tekton Dashboard

Tekton Dashboard is installed in the Codespace. You can access it by running:

    kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097

Then open up the PORTS tab in the Codespace and click on the link next to 9097. This will open up the Tekton Dashboard in a new browser tab.
