The series that makes it easy to run CodeQL locally and have access to results from any PR or push to master.

Those that have access can see the results directly in "Code Scanning" in the "Security" tab of the edk2 repo. That may be affected in times like freezes when permissions are adjusted (write permission is needed). I am hoping we can work together to improve the overall quality of the code and minimize the number of CodeQL alerts.

This is an example of that interface:

*Overview of Issues (many)*

*Example of Details for a Specific Issue*

---

*However, you can always download the results for an individual package* from its GitHub Action run. I encourage people to do so.

1. Go to Actions -> CodeQL ( https://github.com/tianocore/edk2/actions/workflows/codeql.yml ). Anything to "master" are results at that point in time on the master branch. Individual PR branches are shown to get results for a specific PR.

2. Download and open the SARIF file for a package. In the commit to master shown above in https://github.com/tianocore/edk2/actions/runs/6779575049, for MdeModulePkg, I would download "MdeModulePkg-CodeQL-SARIF" and unzip.

3. Open the SARIF file to view results. For example, drag/drop the file "codeql-db-mdemodulepkg-debug-0.sarif" into VS Code with the "SARIF Viewer" ( https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer ) installed. It shows all of the issues by file or rule with click to the problem and more details about it. There are other SARIF viewers available as well.

Keep in mind that CodeQL will often not highlight everything that needs to be done to fix an issue. It alerts the developer to an issue and then you need to inspect the code to determine if other code paths or refactoring should be applied.

I will create a wiki page with more user focused information, but I wanted to share some quick info for getting started.

More technical details about how the plugin itself works and applying exceptions are available in its readme - edk2/BaseTools/Plugin/CodeQL/Readme.md at master · tianocore/edk2 (github.com). ( https://github.com/tianocore/edk2/blob/master/BaseTools/Plugin/CodeQL/Readme.md )

Thanks,
Michael
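
Added example, not part of the original message or of the edk2 CodeQL plugin: a small Python reader that summarizes a downloaded SARIF file by rule and by file without a viewer, for triage from a terminal. The embedded sample is constructed (rule ids, paths and messages are placeholders), and the function names are this example's own.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample: rule ids, paths and messages are made up
# for illustration and are not results from an edk2 run.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "CodeQL"}},
    "results": [
        {"ruleId": "cpp/example-rule-a", "level": "error",
         "message": {"text": "constructed finding 1"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "ExamplePkg/Foo/Foo.c"},
             "region": {"startLine": 120}}}]},
        {"ruleId": "cpp/example-rule-a",            # no "level" on this result
         "message": {"text": "constructed finding 2"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "ExamplePkg/Bar/Bar.c"},
             "region": {"startLine": 7}}}]},
        {"rule": {"id": "cpp/example-rule-b"},      # rule.id form, no location
         "message": {"text": "constructed finding 3"}},
    ]}]})

def iter_findings(sarif):
    """Yield (rule_id, level, uri, line, message) for each result of each run."""
    for run in sarif.get("runs") or []:
        for res in run.get("results") or []:
            rule_id = res.get("ruleId") or res.get("rule", {}).get("id", "<no-rule>")
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield (
                rule_id,
                # Fallback when the result has no level; the rule's own
                # defaultConfiguration is not consulted here.
                res.get("level", "warning"),
                phys.get("artifactLocation", {}).get("uri", "<no-location>"),
                phys.get("region", {}).get("startLine"),
                res.get("message", {}).get("text", ""),
            )

def summarize(sarif_text):
    """Return (findings, count per rule, count per file) for one SARIF document."""
    findings = list(iter_findings(json.loads(sarif_text)))
    return findings, Counter(f[0] for f in findings), Counter(f[2] for f in findings)

if __name__ == "__main__":
    findings, by_rule, by_file = summarize(SAMPLE_SARIF)
    for rule, count in by_rule.most_common():
        print(f"{count:4d}  {rule}")
    for rule, level, uri, line, msg in findings:
        print(f"{uri}:{line}: [{level}] {rule}: {msg}")
```

To use it on a real download, pass the text of the unzipped `.sarif` file to `summarize()` in place of `SAMPLE_SARIF`.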