Using CodeQL on a .NET/C# Application

I enabled CodeQL on an older project that uses the .NET Framework. Repo is here

Adding the default CodeQL workflow failed as the ‘Autobuild’ task failed. According to the docs, I should manually build the solution which is fine. I did that but then CodeQL analysis failed as it could not find any code to analyse. It is not clear where the compiled code or source should be located for this to work.

Any tips on that as it is unclear where to place the files to proceed?

The workflow that ran and failed that I mentioned is here

cc: @jhutchings1

@glav,

I forked your repository and tested on my side, and I can reproduce the same problems.

I have created an issue ticket (github/codeql-action#98) in the repository of the CodeQL Action to report the questions to the appropriate engineering team for further investigation and evaluation.

You can follow that issue ticket and add your comments to it.


Engineering confirmed that this behavior is related to the UseSharedCompilation flag for msbuild and dotnet build. https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#using-net-core-2-for-builds-in-linux
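
The manual-build setup discussed in this thread, as an added example that is not part of the original posts or the poster's repository: a workflow that replaces Autobuild with an explicit msbuild step and turns off shared compilation. The solution name `MySolution.sln`, the runner image and the action versions are assumptions.

```yaml
name: CodeQL

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  analyze:
    runs-on: windows-latest   # assumption: .NET Framework projects need a Windows runner
    permissions:
      security-events: write  # required to upload the analysis results
      contents: read

    steps:
      - uses: actions/checkout@v4

      # init must run before the build: CodeQL observes the compiler
      # invocations made between init and analyze to find the C# source.
      - uses: github/codeql-action/init@v3
        with:
          languages: csharp

      - uses: microsoft/setup-msbuild@v2

      # Manual build in place of the Autobuild step.
      # UseSharedCompilation=false makes msbuild launch the compiler itself
      # instead of handing the work to the shared compiler server process,
      # so the compilation is visible to CodeQL.
      # /t:Rebuild forces a full compile so every project is seen.
      # MySolution.sln is a placeholder for the real solution file.
      # Projects that use packages.config need a separate NuGet restore step
      # instead of the -restore switch.
      - name: Build
        run: msbuild MySolution.sln -restore /t:Rebuild /p:Configuration=Release /p:UseSharedCompilation=false

      - uses: github/codeql-action/analyze@v3
```

The same property applies to `dotnet build`, passed as `/p:UseSharedCompilation=false`.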