-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Which qls file should I use if I have to do the dependency scanning for maven project language java #18840
-
Which qls file should I use if I have to do the dependency scanning for maven project language java ?
Beta Was this translation helpful? Give feedback.
All reactions
-
👍 1
Replies: 2 comments 2 replies
-
Hi @rprakash0604,
You should use the maven-qls file for dependency scanning in a Maven Java project. Make sure to integrate it with your scanning tool, like SonarQube, and follow its configuration.
Beta Was this translation helpful? Give feedback.
All reactions
-
can you please let me know the path/location of maven-qls file ?
Beta Was this translation helpful? Give feedback.
All reactions
-
👍 1
-
@rprakash0604
The maven-qls file is usually found in the CodeQL repository under the ql directory. You can clone or download the repository to access it.
Beta Was this translation helpful? Give feedback.
All reactions
-
The Java suite files are located here: https://github.com/github/codeql/tree/main/java/ql/src/codeql-suites
java-code-scanning.qls is the default suite on Code Scanning; security-extended and security-and-quality offer successively more queries that are less accurate or address a less-severe issue, ultimately including non-security issues.
Beta Was this translation helpful? Give feedback.