FlorianHockmann commented on PR #1947: URL: https://github.com/apache/tinkerpop/pull/1947#issuecomment-1396535991
> The diagnostics here is referring to what code it was able to analyze, not what the results of that analysis was. The extraction error there means that there was one file which CodeQL failed to extract for analysis. We could potentially learn more from running CodeQL in debug mode. According to the CodeQL [docs](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#extraction-errors-in-the-database): "A small number of extractor errors is healthy and typically indicates a good state of analysis."

Thanks for the explanation, that's good to know.

> All of the analysis results for the repo are also collected in the security tab [here](https://github.com/apache/tinkerpop/security/code-scanning). (Hopefully that link works, it is only accessible to committers).

Yep, that's working.

Looks good to me. I also agree with your assessment of the 3 warnings it found. I'll just leave the Go one open for someone with more Go experience to confirm & mark as an FP.

Overall, this is good to go from my side.

VOTE +1

But this probably has to wait a bit as we're currently in code freeze.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org