npm package discovery and stats viewer.


© 2024 – Pkg Stats / Ryan Hefner

codeql-agent

v0.3.4

Published

A CodeQL tool to automatically execute code scanning.

Downloads

36

Readme

CodeQL Agent CLI


CodeQL Agent CLI is a tool that automates the use of CodeQL, a semantic code analysis engine, to run code scanning. It makes finding security vulnerabilities in code simple and efficient: it detects the language, builds the CodeQL database and runs the query suite in one command.

Features

  • Automates the CodeQL workflow: detect the language, create the database and scan.
  • Scans a remote target (e.g. a GitHub repository) or a local target (e.g. a source code folder); a file listing several targets is also supported.
  • Can run inside Docker with a prepackaged, precompiled CodeQL so that no local CodeQL CLI install is needed (under development).
  • Sends results to a Discord webhook.

Requirements

  • For normal use, you need to install the CodeQL CLI.
  • For Docker support, you need to install Docker; the CodeQL CLI is not required.

Install CodeQL Agent CLI

Install CodeQL Agent CLI from npm:

npm install -g codeql-agent

Getting Started

  1. Install CodeQL Agent CLI.
     npm install -g codeql-agent
  2. Scan your codebase.
     codeql-agent scan

Usage

codeql-agent -h

or, for details about a specific command:

codeql-agent scan -h

This displays the help for the tool. Here are all the switches the scan command supports.

   ____          _       ___  _          _                    _   
  / ___|___   __| | ___ / _ \| |        / \   __ _  ___ _ __ | |_ 
 | |   / _ \ / _` |/ _ \ | | | |       / _ \ / _` |/ _ \ '_ \| __|
 | |__| (_) | (_| |  __/ |_| | |___   / ___ \ (_| |  __/ | | | |_ 
  \____\___/ \__,_|\___|\__\_\_____| /_/   \_\__, |\___|_| |_|\__|
                                             |___/                
        Author: doublevkay - Version: 0.3.4

Usage: codeql-agent scan [options] <target>

scan a target. The target can be a source code folder, a remote repository (e.g. a GitHub repository) or a file listing several targets.

Arguments:
  target                          source code folder, remote repository or list of targets.

  Examples:
        codeql-agent scan src/sample
        codeql-agent scan targets.txt
        codeql-agent scan https://github.com/OWASP/NodeGoat

Options:
  -l, --language <language>       language of the source code. Supported languages: go, java, cpp, csharp, javascript, ruby. Omit this option to auto-detect the
                                  language.
  -o, --output <output>           output folder. Default: <target>-codeql-results
  -c, --command <command>         build command used to create the database for compiled languages; omit it if the only languages requested are Python and
                                  JavaScript. This specifies the build commands needed to invoke the compiler. If you don't set this option, CodeQL will attempt to
                                  detect the build system automatically, using its built-in autobuilder.
  -t, --threads <number>          number of threads to use. Pass 0 to use one thread per core on the machine. Default: 1
  --query <query>                 CodeQL query suite to run. Default: <language>-security-extended.qls
  --format <format>               output format. Default: sarif-latest
  --overwrite                     overwrite an existing database.
  --download                      download missing queries before analyzing.
  --remove-remote-repository      remove the cloned remote repository after scanning.
  --db-output <dbOutput>          database folder path.
  --remove-database               remove the CodeQL database after scanning.
  --create-db-only                only create the CodeQL database, do not scan.
  --enable-file-logging           enable file logging.
  --discord-webhook <webhookUrl>  Discord webhook to send the result to.
  --use-docker                    use Docker to run CodeQL in isolation.
  -v, --verbose                   verbose output
  -h, --help                      display help for command

Using CodeQL Agent on VSCode

If you want to use CodeQL Agent on VSCode, you can install the CodeQL Agent extension from the VSCode Marketplace.

License

This tool is released under the MIT License by the CodeQL Agent Project, a non-profit community organization that is not the official CodeQL team. For the full text of the license, please consult our LICENSE.md file.

Note that this license applies only to the tool in this repository. For the license governing use of the CodeQL CLI that it invokes, please consult the GitHub CodeQL Terms and Conditions. In particular, note that there are restrictions on how you may use the CodeQL CLI on code that is not released under an OSI-approved open source software license.