...

Includes JavaScript/TypeScript, Python, Java, C/C++, C#, Go, Ruby and Rust.
More details:
https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/


Integration

  • Runs via GitHub Actions.
  • Can be triggered on push, pull request, or schedule.
  • Integrates with branch protection rules and security policies.

...

Before Enabling Code Security:

[screenshot]

After Enabling Code Security At Repo Level:

[screenshot]

At Org Level:

[screenshot]

About alerts from code scanning

The default CodeQL analysis configures code scanning to check the code in a repository. When the analysis is complete, the resulting alerts are displayed alongside each other in the security view of the repository.

By default, code scanning analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see Triaging code scanning alerts in pull requests.


Viewing the alerts for a repository

You need write permission to view a summary of all the alerts for a repository on the Security tab.

...

Who can use this feature?

Users with write access


Generating suggested fixes for code scanning alerts

GitHub Copilot Autofix can generate fixes for alerts identified by code scanning analysis. Most CodeQL alert types are supported, as are some alerts from third-party tools. For more information, see Responsible use of Copilot Autofix for code scanning.

Note

You do not need a subscription to GitHub Copilot to use GitHub Copilot Autofix. Copilot Autofix is available to all public repositories on GitHub.com.

On GitHub, navigate to the main page of the repository.

...

For information about the limitations of automatically generated fixes, see Limitations of suggestions.


Fixing an alert manually

Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has code scanning scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger code scanning analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see Triaging code scanning alerts in pull requests.


Dismissing alerts

There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert.

...

It's important to choose the appropriate reason from the drop-down menu, as this may affect whether a query continues to be included in future analysis. Optionally, you can add a comment to record the context of the dismissal. The dismissal comment is added to the alert timeline and can be used as justification during auditing and reporting.


Dismissing multiple alerts at once

If a project has multiple alerts that you want to dismiss for the same reason, you can bulk dismiss them from the summary of alerts. Typically, you'll want to filter the list and then dismiss all of the matching alerts. For example, you might want to dismiss all of the current alerts in the project that have been tagged for a particular Common Weakness Enumeration (CWE) vulnerability.


Re-opening dismissed alerts

If you dismiss an alert but later realize that you need to fix the alert, you can re-open it and fix the problem with the code. Display the list of closed alerts, find the alert, display it, and reopen it. You can then fix the alert in the same way as any other alert.


About code scanning results on pull requests

In repositories where code scanning is configured as a pull request check, code scanning checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within GitHub Actions or in a third-party CI/CD system.
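The Integration section above states that CodeQL runs via GitHub Actions on push, pull request, or schedule, and this section notes that the pull request check defaults to the default branch but can be changed within GitHub Actions. The workflow below is an added example, not part of the original page or of GitHub's own starter workflow; the branch names, cron expression and language list are assumptions for an illustrative repository.

```yaml
name: CodeQL code scanning

on:
  push:
    branches: [ "main" ]
  pull_request:
    # By default only pull requests targeting the default branch are checked;
    # listing further branches here widens the check to release branches too.
    branches: [ "main", "release/**" ]
  schedule:
    # Weekly scan of the default branch, independent of any push.
    - cron: "0 3 * * 1"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      contents: read          # check out the code only
      security-events: write  # upload results to the repository Security tab
    strategy:
      fail-fast: false
      matrix:
        # Assumed languages for this repository; other CodeQL identifiers
        # include java-kotlin, c-cpp, csharp, go, ruby and rust.
        language: [ "javascript-typescript", "python" ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Extend the default query suite with additional security queries.
          queries: security-extended

      - name: Autobuild (only needed for compiled languages)
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Stored as .github/workflows/codeql.yml, this workflow produces one check per language on each pull request, so a branch protection rule can require it before merging.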

...

Code scanning displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see SARIF support for code scanning.

GitHub Copilot Autofix will suggest fixes for alerts from code scanning analysis (including CodeQL analysis) in repositories. For more information on working with suggestions from Copilot Autofix in pull requests, see Working with Copilot Autofix suggestions for alerts on a pull request.