René's URL Explorer Experiment


Title: Upload failed SARIF for risk assessments in `init-post` step by mbg · Pull Request #3519 · github/codeql-action · GitHub

Open Graph Title: Upload failed SARIF for risk assessments in `init-post` step by mbg · Pull Request #3519 · github/codeql-action

X Title: Upload failed SARIF for risk assessments in `init-post` step by mbg · Pull Request #3519 · github/codeql-action

Description: This modifies the init-post action to upload a failed SARIF as a workflow artifact for risk assessments. This mirrors what we do for Code Scanning, except there we upload the SARIF to the API. Risk assessment For internal use only. Please select the risk level of this change: Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. Which use cases does this change impact? Workflow types: Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...). Products: Other first-party - The changes impact other first-party analyses. Environments: Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency. How did/will you validate this change? Test repository - This change will be tested on a test repository before merging. Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files). End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks). If something goes wrong after this change is released, what are the mitigation and rollback strategies? Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix. How will you know if something goes wrong after this change is released? Telemetry - I rely on existing telemetry or have made changes to the telemetry. Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release. Alerts - New or existing monitors will trip if something goes wrong with this change. Are there any special considerations for merging or releasing this change? Special considerations - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue. Merge / deployment checklist Confirm this change is backwards compatible with existing workflows. Consider adding a changelog entry for this change. Confirm the readme and docs have been updated if necessary.

Open Graph Description: This modifies the init-post action to upload a failed SARIF as a workflow artifact for risk assessments. This mirrors what we do for Code Scanning, except there we upload the SARIF to the API. Risk...

X Description: This modifies the init-post action to upload a failed SARIF as a workflow artifact for risk assessments. This mirrors what we do for Code Scanning, except there we upload the SARIF to the API. Risk...

Opengraph URL: https://github.com/github/codeql-action/pull/3519

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:1d10cb69-276d-3faf-a18d-309245c477ca
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idB704:1E311A:183733B:230B8CD:6A4CEE1F
html-safe-nonce09d8907331dcc6e3a98a6850ffd9fc3470a0c4dc50fea969f13cb391c5985dc5
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCNzA0OjFFMzExQToxODM3MzNCOjIzMEI4Q0Q6NkE0Q0VFMUYiLCJ2aXNpdG9yX2lkIjoiMTc5NTk4NDAyODc4OTk2MDIyMyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmacdebc8bc4e6dfac2d8424c245ab0d4a9670deded4e7944c16025fc67d91fb5d41
hovercard-subject-tagpull_request:3332549433
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/github/codeql-action/pull/3519/files
twitter:imagehttps://avatars.githubusercontent.com/u/278086?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/u/278086?s=400&v=4
og:image:altThis modifies the init-post action to upload a failed SARIF as a workflow artifact for risk assessments. This mirrors what we do for Code Scanning, except there we upload the SARIF to the API. Risk...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None299b43bca6e02ad35197ffeba30d2466846d5fb02ab96fbced5b5e6cec589fb8
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/github/codeql-action git https://github.com/github/codeql-action.git
octolytics-dimension-user_id9919
octolytics-dimension-user_logingithub
octolytics-dimension-repository_id259445878
octolytics-dimension-repository_nwogithub/codeql-action
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id259445878
octolytics-dimension-repository_network_root_nwogithub/codeql-action
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseefec6750a5afcaeaf5dfcf629f404cf98c8371e3
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/github/codeql-action/pull/3519/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3519%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3519%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=github%2Fcodeql-action
Reloadhttps://github.com/github/codeql-action/pull/3519/files
Reloadhttps://github.com/github/codeql-action/pull/3519/files
Reloadhttps://github.com/github/codeql-action/pull/3519/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
github https://github.com/github
codeql-actionhttps://github.com/github/codeql-action
Notifications https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Fork 470 https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Star 1.6k https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Code https://github.com/github/codeql-action
Issues 156 https://github.com/github/codeql-action/issues
Pull requests 27 https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality 2 https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Code https://github.com/github/codeql-action
Issues https://github.com/github/codeql-action/issues
Pull requests https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
mbghttps://github.com/mbg
mainhttps://github.com/github/codeql-action/tree/main
mbg/csra/upload-failed-sarif-artifacthttps://github.com/github/codeql-action/tree/mbg/csra/upload-failed-sarif-artifact
Conversation 6 https://github.com/github/codeql-action/pull/3519
Findings https://github.com/github/codeql-action/pull/3519/findings
Commits 15 https://github.com/github/codeql-action/pull/3519/commits
Checks 244 https://github.com/github/codeql-action/pull/3519/checks
Files changed https://github.com/github/codeql-action/pull/3519/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
Upload failed SARIF for risk assessments in init-post step https://github.com/github/codeql-action/pull/3519/files#top
Show all changes 15 commits https://github.com/github/codeql-action/pull/3519/files
0f3e632 Rename secondary `run` to `uploadFailureInfo` mbg Feb 24, 2026 https://github.com/github/codeql-action/pull/3519/commits/0f3e6325802cb6fbe08b3ecb70454a8b213107d7
e9ce32d Change order of checks in `tryUploadSarifIfRunFailed` mbg Feb 24, 2026 https://github.com/github/codeql-action/pull/3519/commits/e9ce32d8078f95509668f449a64c013fd9a4b329
56d1ccc Change skipped reason message mbg Feb 24, 2026 https://github.com/github/codeql-action/pull/3519/commits/56d1ccc87a4a2034c5daeec44601f197fbaf4bda
60ca40e Refactor `prepareFailedSarif` out of `maybeUploadFailedSarif` mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/60ca40ecd42b75d02a64ba42d42c26b623618b7e
44b66a8 Upload failed SARIF as artifact for risk assessments mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/44b66a8064e35661c1ebd700dee861b9149bce02
f265dd9 Separate `generateFailedSarif` out of `prepareFailedSarif` mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/f265dd9392d918a2bd0736228989d389325e9990
5b9d1f4 Simplify `prepareFailedSarif` for risk assessments mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/5b9d1f4fdf979b0eba7338968177a97591ad986d
003044e Add test mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/003044eb8479a316ec1b199f4d30ad5b03be81c2
ce97dfe Sanitise artifact name mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/ce97dfe40565e250b82eaaabdd757d5545595a58
ca32b84 Ensure correct failed SARIF file names for CSRA mbg Feb 26, 2026 https://github.com/github/codeql-action/pull/3519/commits/ca32b84657b6298bc8df1fbaa1ec003e60649b73
383b86d Refactor some test setup code into `mockRiskAssessmentEnv` mbg Feb 27, 2026 https://github.com/github/codeql-action/pull/3519/commits/383b86ddcbd007aadb5b5dd9ac58229c6cf87b6d
1e7e52a Add tests where upload should get skipped mbg Feb 27, 2026 https://github.com/github/codeql-action/pull/3519/commits/1e7e52a33006c1f952fe1e2dfbee2630acc88a19
e995ba3 Add more tests/assertions mbg Feb 27, 2026 https://github.com/github/codeql-action/pull/3519/commits/e995ba3522528bd5b5d8f9202c952b25b1d22fa0
f3663cd Fix typos in comments mbg Feb 28, 2026 https://github.com/github/codeql-action/pull/3519/commits/f3663cdc324659061dee087b0d8d7d7f7c03f20d
746f940 Merge remote-tracking branch 'origin/main' into mbg/csra/upload-faile… mbg Mar 9, 2026 https://github.com/github/codeql-action/pull/3519/commits/746f940d10e9cf96d086ea2036b81cef264bd99d
Clear filters https://github.com/github/codeql-action/pull/3519/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
init-action-post.js https://github.com/github/codeql-action/pull/3519/files#diff-08750c194e36e3925a63362bbc1a7207690bd44add665b7c357e9d8b1861a4e6
config-utils.ts https://github.com/github/codeql-action/pull/3519/files#diff-14691739edd81c7a3c8a30fec2e77ee99f2d57f323523e502a73ab375982d6fa
init-action-post-helper.test.ts https://github.com/github/codeql-action/pull/3519/files#diff-62c5bc1fe681a41f34d74ef117f4aa52ae21023a6f78abe2655e635afa48b08a
init-action-post-helper.ts https://github.com/github/codeql-action/pull/3519/files#diff-b5d09ae3a926294c25f263fe282f10168d52ee21a08447eade997108a11523bd
init-action-post.ts https://github.com/github/codeql-action/pull/3519/files#diff-b20d2e5b98b2b7bb62f615d46b97c30d07e8c1f12e2f263a3a323d5ecf8b5ca6
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3519/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.