The latest release of the CodeQL CLI supports uploading analysis results to GitHub. This makes it easier to run code analysis for customers who wish to use CI/CD systems other than GitHub Actions. Previously, such users had to use the separate CodeQL Runner, which will continue to be available.
To get started, first download the updated CodeQL bundle, which includes the updated CodeQL CLI, and check out your codebase at the Git reference you want to analyze. After analyzing your codebase with codeql database create ... and codeql database analyze ..., you can use the new codeql github upload-results command to upload the SARIF file with scanning results back to GitHub Code Scanning.

codeql github upload-results currently works for one language at a time and can replace the current workflow of codeql-runner init / build / codeql-runner analyze when a single language is being analyzed.
If you want to analyze more than one language at a time, or to integrate CodeQL as a separate step into your existing CI workflow, you can continue to use the CodeQL Runner.
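The single-language pipeline described above, written out as a POSIX shell function that a CI job outside GitHub Actions could call. This is an added example, not code from GitHub or the CodeQL project. It assumes the CodeQL bundle's codeql binary is on PATH, that the repository is already checked out at the ref being analyzed, that a token with permission to write code scanning results is in GITHUB_TOKEN, and that the bundle ships a query suite named <language>-security-and-quality.qls (the suite name is an assumption; pass your own as the fifth argument). The flags used (--language, --source-root, --format=sarif-latest, --output, --repository, --ref, --commit, --sarif, --github-auth-stdin) are real CodeQL CLI flags. Setting DRY_RUN=1 prints the commands instead of running them, which is how the example can be exercised without a CodeQL install.

```shell
#!/bin/sh
# Added example (not GitHub's or CodeQL's own code): build a CodeQL database
# for one language, analyze it, and upload the SARIF with
# `codeql github upload-results`.
# Assumptions: codeql on PATH, source already checked out at the target ref,
# GITHUB_TOKEN exported. DRY_RUN=1 echoes the commands instead of running them.
set -eu

# run_or_print CMD... : executes CMD, or echoes it when DRY_RUN=1.
run_or_print() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# codeql_scan_and_upload LANGUAGE REPO REF COMMIT [QUERY_SUITE]
#   LANGUAGE    one CodeQL language id (e.g. javascript); upload-results
#               handles a single language per run, as the page notes
#   REPO        owner/name of the GitHub repository
#   REF         full Git ref that was analyzed, e.g. refs/heads/main
#   COMMIT      full 40-hex commit SHA that REF points at
#   QUERY_SUITE query suite to run (default assumes the bundle's
#               <language>-security-and-quality.qls naming)
codeql_scan_and_upload() {
    lang=$1; repo=$2; ref=$3; commit=$4
    suite=${5:-"$lang-security-and-quality.qls"}
    db="codeql-db-$lang"
    sarif="codeql-results-$lang.sarif"

    # Fail early on missing inputs rather than after a long analysis.
    : "${GITHUB_TOKEN:?GITHUB_TOKEN must be set; it is read on stdin, never passed as an argument}"
    if [ "${#commit}" -ne 40 ]; then
        echo "COMMIT must be the full 40-character SHA, got: $commit" >&2
        return 1
    fi

    # 1. Build the CodeQL database from the checked-out source tree.
    run_or_print codeql database create "$db" --language="$lang" --source-root=.

    # 2. Run the query suite and emit SARIF in the format Code Scanning accepts.
    run_or_print codeql database analyze "$db" "$suite" \
        --format=sarif-latest --output="$sarif"

    # 3. Upload. The token goes in on stdin (--github-auth-stdin) so it never
    #    shows up in process listings or in the CI system's command echo.
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "codeql github upload-results --repository=$repo --ref=$ref --commit=$commit --sarif=$sarif --github-auth-stdin"
    else
        if [ ! -s "$sarif" ]; then
            echo "no SARIF produced at $sarif; nothing to upload" >&2
            return 1
        fi
        printf '%s' "$GITHUB_TOKEN" | codeql github upload-results \
            --repository="$repo" --ref="$ref" --commit="$commit" \
            --sarif="$sarif" --github-auth-stdin
    fi
}
```

A CI job would call it once per language, for example codeql_scan_and_upload javascript my-org/my-repo "refs/heads/$BRANCH" "$(git rev-parse HEAD)". Keeping the token on stdin rather than in an argument is the one design choice worth copying into your own wrapper: most CI systems log the command line of every step, and a token in that line ends up in the build log.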