> For the complete documentation index, see [llms.txt](https://rahuls-organization-17.gitbook.io/handshake/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://rahuls-organization-17.gitbook.io/handshake/architecture-and-contribution/local-setup/codeql-local-setup.md).

# CodeQL Local Setup

CodeQL scans our handshake repo. for security checks, it runs periodically (weekly) on our master branch, and for every PR raised or pushed for `master` and `build`

> Currently, I have not added automation scripts to fasten our local setup, so it would involve some time-consuming manual tasks.

### Why you might need a local setup?

You will need this for fixing the security bugs highlighted by CodeQL.

### Steps for Js/Ts codebase

1. Download CodeQL CLI from the [CodeQL Release Page](https://github.com/github/codeql-action/releases)

> when done. you can follow the rest of the steps from [docs](https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli).

{% hint style="info" %}
I downloaded the package, extracted it into a folder, and then used `codeql.exe` this was my command,&#x20;

`"Downloads\codeql\codeql.exe" create js-ts-db --language=javascript-typescript`
{% endhint %}

{% hint style="warning" %}
Before you run queries, make sure to delete static builds of the storybook or dashboard, else you might have to wait for a long time.
{% endhint %}

you can change the path of the CodeQL executable.

2. If needed you can explore this [Queries list](https://docs.github.com/en/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries).
3. Analyze Repo. - `"codeql\codeql.exe" database analyze js-ts-db --format=sarif-latest -o test.sarif`
4. Install Extension to support viewing \`.sarif\` log files
5. Once done, you can run the queries and test the bug side-by-side

### Reference:

* [Code QL Setup for VSCode](https://codeql.github.com/docs/codeql-for-visual-studio-code)
* [CodeQL CLI Setup on your machine](https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli)
