Which component runs the CodeQL queries during Code Scanning?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Which component runs the CodeQL queries during Code Scanning?

Explanation:
Code Scanning executes the CodeQL queries through the CodeQL-based workflow. In GitHub, this workflow runs inside GitHub Actions: it sets up the CodeQL environment, builds a database of the code, and then runs the CodeQL queries across the supported languages. The results are produced in SARIF, a format GitHub can surface in the Security tab. This workflow is the mechanism that actually performs the analysis, rather than the GitHub API service, an external scanning service, or a local IDE plugin, which operate outside the Code Scanning pipeline.
