I have integrated CodeQL in my github project via website. It works, it analyses and produce SARIF files. And then it says that results were successfully uploaded:
Uploading results
Processing sarif files: ["/home/runner/work/my_project/results/cpp-builtin.sarif"]
Uploading results
Successfully uploaded results
Where? Where I can find these results and read them? How CodeQL indicates that there are issues found? My .yaml contains:
- run: |
sudo -n apt-get install -y autopoint gettext
autoreconf --install
./configure
make
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
GitHub repository -> Security tab -> Code scanning alerts
GitHub docs