Which file is used to configure CodeQL languages?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Which file is used to configure CodeQL languages?

Explanation:
CodeQL languages are configured where the CodeQL analysis is actually orchestrated by GitHub Actions. The file that does this is the CodeQL analysis workflow file, usually named codeql-analysis.yml and stored under .github/workflows. In that workflow, the CodeQL action is invoked with a languages setting (often in the init step), telling CodeQL which languages to build and analyze for each run. This is why this file is the place to configure which languages get scanned.

The other options don’t set the languages for CodeQL. A README provides documentation but isn’t used to drive the scan, a credentials file would hold secrets rather than configuration for languages, and a codeql-analysis resource isn’t the file that configures the analysis.
