|
33 | 33 |
|
34 | 34 | ## Release information |
35 | 35 |
|
36 | | -This user manual documents release `2.38.0-dev` of the coding standards located at [https://github.com/github/codeql-coding-standards](https://github.com/github/codeql-coding-standards). |
| 36 | +This user manual documents release `2.39.0-dev` of the coding standards located at [https://github.com/github/codeql-coding-standards](https://github.com/github/codeql-coding-standards). |
37 | 37 | The release page documents the release notes and contains the following artifacts part of the release: |
38 | 38 |
|
39 | 39 | - `coding-standards-codeql-packs-2.37.0-dev.zip`: CodeQL packs that can be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_. |
40 | | -- `code-scanning-cpp-query-pack-2.38.0-dev.zip`: Legacy packaging for the queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_. |
41 | | -- `supported_rules_list_2.38.0-dev.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule. |
42 | | -- `supported_rules_list_2.38.0-dev.md`: A Markdown formatted file with a table containing the supported rules per standard and the queries that implement the rule. |
43 | | -- `user_manual_2.38.0-dev.md`: This user manual. |
| 40 | +- `code-scanning-cpp-query-pack-2.39.0-dev.zip`: Legacy packaging for the queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_. |
| 41 | +- `supported_rules_list_2.39.0-dev.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule. |
| 42 | +- `supported_rules_list_2.39.0-dev.md`: A Markdown formatted file with a table containing the supported rules per standard and the queries that implement the rule. |
| 43 | +- `user_manual_2.39.0-dev.md`: This user manual. |
44 | 44 | - `Source Code (zip)`: A zip archive containing the contents of https://github.com/github/codeql-coding-standards |
45 | 45 | - `Source Code (tar.gz)`: A GZip compressed tar archive containing the contents of https://github.com/github/codeql-coding-standards |
46 | 46 | - `checksums.txt`: A text file containing sha256 checksums for the aforementioned artifacts. |
@@ -573,7 +573,7 @@ This section describes known failure modes for "CodeQL Coding Standards" and des |
573 | 573 | | | Out of space | Less output. Some files may be only be partially analyzed, or not analyzed at all. | Error reported on the command line. | Increase space. If it remains an issue report space consumption issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | |
574 | 574 | | | False positives | More output. Results are reported which are not violations of the guidelines. | All reported results must be reviewed. | Report false positive issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | |
575 | 575 | | | False negatives | Less output. Violations of the guidelines are not reported. | Other validation and verification processes during software development should be used to complement the analysis performed by CodeQL Coding Standards. | Report false negative issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | |
576 | | -| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.38.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. | |
| 576 | +| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.39.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. | |
577 | 577 | | | Incorrect deviation record specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation records with a reason. Ensure that all deviation records are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. | |
578 | 578 | | | Incorrect deviation permit specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation permits with a reason. Ensure that all deviation permits are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. | |
579 | 579 | | | Unapproved use of a deviation record | Less output. Results for guideline violations are not reported. | Validate that the deviation record use is approved by verifying the approved-by attribute of the deviation record specification. | Ensure that each raised deviation record is approved by an independent approver through an auditable process. | |
|
0 commit comments