Swift projects results
#21181
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
-
Hello, a question please, about code scanning results of 2 projects. We have two very similar projects, which are built and scanned in a GitHub workflow, like so (whether in a separate or single task):
xcodebuild -scheme project1 -project project1.xcodeproj -sdk iphonesimulator build CODE_SIGNING_ALLOWED=NO
xcodebuild -scheme project2 -project project2.xcodeproj -sdk iphonesimulator build CODE_SIGNING_ALLOWED=NO
Then github/codeql-action/analyze@v4 runs the code scan (tried after each separate build step, or once after both xcodebuild commands executed in a single task). The results are very similar, especially:
Number of extracted AST nodes | 308400 <------------ this part shows up for both projects in the analysis step
But Analyze step shows this information for only one of the projects:
CodeQL scanned 32 out of 278 Swift files in this invocation. Check the status page for overall coverage information
And in GitHub, number of files scanned shows up here: security/code-scanning/tools/CodeQL/status
Does this mean that Analyze step without "files" message did not actually scan Swift code, or that it's a separate scan of "physical" files outside of build output? Also if there's any advice on .xcodeproj settings, that would allow CodeQL scan process to analyze all files, please.
Thanks in advance
Vlad
Beta Was this translation helpful? Give feedback.
All reactions