Skip to content

Commit

Permalink
Add content on support for running default setup with self-hosted run…
Browse files Browse the repository at this point in the history
…ners on GHEC (#47767)

Co-authored-by: mc <[email protected]>
  • Loading branch information
sabrowning1 and mchammer01 authored Dec 19, 2023
1 parent 3e958d2 commit b45153a
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 11 deletions.
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
---
title: Configuring code scanning for your appliance
title: "{% ifversion ghes %}Configuring code scanning for your appliance{% elsif default-setup-self-hosted-runners-GHEC %}Configuring self-hosted runners for code scanning in your enterprise{% endif %}"
shortTitle: Configuring code scanning
intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.location.product_location %}. {% data variables.product.prodname_code_scanning_caps %} allows users to scan code for vulnerabilities and errors.'
intro: 'You can enable, configure, and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_name %}{% ifversion default-setup-self-hosted-runners-GHEC %} without {% data variables.product.prodname_dotcom %}-hosted runners{% endif %}. {% data variables.product.prodname_code_scanning_caps %} allows users to scan code for vulnerabilities and errors.'
allowTitleToDifferFromFilename: true
product: '{% data reusables.gated-features.code-scanning %}'
redirect_from:
- /enterprise/admin/configuration/configuring-code-scanning-for-your-appliance
- /admin/configuration/configuring-code-scanning-for-your-appliance
- /admin/advanced-security/configuring-code-scanning-for-your-appliance
versions:
ghes: '*'
ghec: '*'
type: how_to
topics:
- Advanced Security
Expand All @@ -19,7 +21,7 @@ topics:
<!--The CodeQL CLI man pages include a link to a section in this article. If you rename this article,
make sure that you also update the MS short link: https://aka.ms/code-scanning-docs/configuring-ghes.-->

{% data reusables.code-scanning.beta %}
{% ifversion ghes %}

## About {% data variables.product.prodname_code_scanning %}

Expand Down Expand Up @@ -47,27 +49,41 @@ You can configure {% data variables.product.prodname_code_scanning %} to run {%

## Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}

### Setting up a self-hosted runner
### Provisioning a self-hosted runner

{% elsif default-setup-self-hosted-runners-GHEC %}

{% data variables.product.prodname_ghe_server %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)."
## Provisioning a self-hosted runner

{% note %}

**Note:** If your enterprise uses {% data variables.product.prodname_dotcom %}-hosted runners with {% data variables.product.prodname_actions %}, proceed directly to configuring {% data variables.product.prodname_code_scanning %} through {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)."

{% endnote %}

{% ifversion code-scanning-runner-label %}
{% endif %}

{% data variables.product.product_name %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)."

{% ifversion code-scanning-runner-label or default-setup-self-hosted-runners-GHEC %}
If you are provisioning a self-hosted runner for {% data variables.product.prodname_codeql %} analysis, your runner must use a {% data variables.product.prodname_codeql %}-supported operating system version and CPU architecture. For more information, see the [{% data variables.product.prodname_codeql %} system requirements](https://codeql.github.com/docs/codeql-overview/system-requirements/).

If you are using default setup for {% data variables.product.prodname_code_scanning %}, assign the `code-scanning` label to your self-hosted runner. For more information about using labels with self-hosted runners, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners)."{% ifversion code-scanning-default-setup-self-hosted-310 %} For more information about using default setup for code scanning analysis of compiled languages, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/codeql-code-scanning-for-compiled-languages)."{% endif %}
If you are using default setup for {% data variables.product.prodname_code_scanning %}, assign the `code-scanning` label to your self-hosted runner. For more information about using labels with self-hosted runners, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners)."{% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %} For more information about using default setup for code scanning analysis of compiled languages, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/codeql-code-scanning-for-compiled-languages)."{% endif %}

{% endif %}

You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.

{% ifversion ghes > 3.7 or ghae > 3.7 %}
{% ifversion default-setup-self-hosted-runners-GHEC or ghes > 3.7 or ghae > 3.7 %}
{% note %}

If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed.
**Note:** If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed.

{% endnote %}
{% endif %}

{% ifversion ghes %}

### Provisioning the actions for {% data variables.product.prodname_code_scanning %}

{% ifversion ghes %}
Expand Down Expand Up @@ -97,3 +113,4 @@ If you configure the {% data variables.product.prodname_codeql %} action sync to
If you don't want to use {% data variables.product.prodname_actions %}, you should run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_cli %}.

The {% data variables.product.prodname_codeql_cli %} is a command-line tool that you use to analyze codebases on any machine, including a third-party CI/CD system. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)."
{% endif %}
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ topics:

For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can use default setup, which analyzes your code and automatically configures your {% data variables.product.prodname_code_scanning %}, or advanced setup, which generates a workflow file you can edit. {% ifversion codeql-swift-advanced-setup %}Default setup can analyze all compiled languages supported by {% data variables.product.prodname_codeql %}.{% endif %} For more information about advanced setup, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)."

{% ifversion code-scanning-default-setup-self-hosted-310 %}
{% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %}
You can use default setup with self-hosted runners for all {% data variables.product.prodname_codeql %}-supported languages{% ifversion codeql-swift-advanced-setup %} except Swift{% endif %}. Default setup will always run the `autobuild` action, so you should configure your self-hosted runners to make sure they can run all necessary commands for C/C++, C#, and Java analysis. Analysis of Javascript/Typescript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.
{% endif %}

Expand Down Expand Up @@ -78,7 +78,7 @@ If your workflow uses a `language` matrix, `autobuild` attempts to build each of
{% ifversion ghae %}
**Note**: {% data reusables.actions.self-hosted-runners-software %}
{% else %}
**Note**: If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. {% ifversion code-scanning-default-setup-self-hosted-310 %} For self-hosted runners, you should install dependencies directly in the runners themselves. We provide examples of common dependencies for C/C++, C#, and Java in each of the `autobuild` sections of this article for those languages. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}-hosted runners are always run with the software required by `autobuild`.{% endif %}
**Note**: If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. {% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %} For self-hosted runners, you should install dependencies directly in the runners themselves. We provide examples of common dependencies for C/C++, C#, and Java in each of the `autobuild` sections of this article for those languages. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)."{% endif %}{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}-hosted runners are always run with the software required by `autobuild`.{% endif %}
{% endif %}

{% endnote %}
Expand Down
5 changes: 5 additions & 0 deletions data/features/default-setup-self-hosted-runners-GHEC.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Default setup supports self-hosted runners on GHEC
# Reference: #12365

versions:
ghec: '*'

0 comments on commit b45153a

Please sign in to comment.