Documentation re: Running CodeQL in containerized environment needs update. It is possible but only in a Kubernetes Pod with 2 containers sharing a process. #13958
-
Please update the documentation at: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
The execution of a code scan where there is a build for a compiled language can work with a build which occurs in a separate container.
This is possible running a 2-container Pod in Kubernetes using the following specification for a pod:
```yaml
spec:
  shareProcessNamespace: true
```
I can provide evidence but this is a fairly straightforward use case to implement and validate.
-
That's an interesting approach indeed. Do things also work if the two containers have a different folder structure?
-
All storage for either container is viewable by the other container using that notation.
Check out the reference info at the bottom of this page: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ which discusses filesystems.
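A complete Pod manifest built around the `shareProcessNamespace: true` setting discussed in this thread, as an added example that is not part of any participant's post and not taken from the GitHub or CodeQL documentation. The Pod name, container names, image references, `sleep infinity` commands and the shared `/workspace` volume are all assumptions or placeholders.

```yaml
# Added illustration. Every name, image and path below is a placeholder
# or an assumption; only shareProcessNamespace comes from the thread.
apiVersion: v1
kind: Pod
metadata:
  name: codeql-scan                  # hypothetical name
spec:
  # Setting from the original post: all containers in the Pod share
  # one PID namespace, so each can see the other's processes.
  shareProcessNamespace: true
  restartPolicy: Never
  volumes:
    - name: workspace
      emptyDir: {}                   # assumption: one checkout shared by both containers
  containers:
    - name: build                    # compiled-language toolchain runs here
      image: registry.example.com/build-toolchain:PLACEHOLDER
      command: ["sleep", "infinity"] # placeholder; replace with the real entrypoint
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: workspace
          mountPath: /workspace      # same path in both containers (assumption)
    - name: codeql                   # CodeQL CLI runs here
      image: registry.example.com/codeql-cli:PLACEHOLDER
      command: ["sleep", "infinity"] # placeholder; replace with the real entrypoint
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: workspace
          mountPath: /workspace
```

Per the Kubernetes page linked above, sharing the process namespace exposes everything visible in `/proc` to the other container, including secrets passed as arguments or environment variables, and each container's filesystem is reachable through `/proc/$pid/root`, protected only by regular Unix permissions. Keep unrelated sidecars and long-lived credentials out of a Pod configured this way.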