
Limitations - Documenting behaviors of renaming the tool in the uploaded SARIF #2

Open
felickz opened this issue Mar 21, 2025 · 0 comments


felickz commented Mar 21, 2025

This method renames the CodeQL tool in the results, which breaks CodeQL Autofix and may affect other features of Code Scanning

Legacy Scans + Alert Closure

If a configuration is no longer utilized (EOL of a service in a monorepo) and there is a shared piece of code that is scanned for each service, it is CRITICAL that the old tool CodeQL-EOLservice configuration is removed. Missing uploads of a tool will prevent an alert from closing even after the alert is remediated. Viewing the Affected branches can make this apparent; choose the 🗑️ symbol on the missing configuration.

Image

Autofix

CodeQL Autofixes are not generated when analyses are uploaded with a renamed tool

Tool Status Page

  • Code Scanning - Tool Status Page does not properly identify CodeQL as the intended tool and file coverage information is not shown

Image

  • If any of the jobs in a configuration fails to upload, you will see failing status for ALL "tools" that are scanning from the same job.

Image

Repo Rulesets

Enforcing Require code scanning results will require a configuration for every iteration of the tool name

@felickz felickz changed the title Limitations - Documenting behaviors Limitations - Documenting behaviors of renaming the tool in the uploaded SARIF Mar 21, 2025
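As an added example, not part of this issue and not code from the CodeQL action or from GitHub: a small Python linter that finds runs in a SARIF file whose tool.driver.name has been changed away from CodeQL (the pattern the issue describes, e.g. CodeQL-EOLservice) and rewrites them so the driver keeps its canonical name while the per-service suffix is moved into runs[].automationDetails.id, the field that the upload's category input populates. The function names, the sample SARIF and the way the suffix is mapped onto automationDetails.id are assumptions for illustration.

```python
"""Lint SARIF for renamed CodeQL tool drivers and restore the canonical name.

Added example; not the issue author's code and not part of the CodeQL action.
"""
import json
import sys
from copy import deepcopy

CANONICAL_NAME = "CodeQL"

# Constructed sample SARIF: one run uploaded with the canonical tool name and a
# category (automationDetails.id), one run uploaded with a renamed tool.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "CodeQL", "semanticVersion": "2.20.0"}},
            "automationDetails": {"id": "shared-lib"},
            "results": [],
        },
        {
            "tool": {"driver": {"name": "CodeQL-EOLservice", "semanticVersion": "2.20.0"}},
            "results": [],
        },
    ],
}


def find_renamed_runs(sarif):
    """Return (run_index, driver_name, automation_id) for every run whose driver
    looks like CodeQL but is not named exactly 'CodeQL'."""
    findings = []
    for i, run in enumerate(sarif.get("runs", [])):
        name = run.get("tool", {}).get("driver", {}).get("name", "")
        auto_id = run.get("automationDetails", {}).get("id")
        if name != CANONICAL_NAME and name.lower().startswith(CANONICAL_NAME.lower()):
            findings.append((i, name, auto_id))
    return findings


def restore_tool_name(sarif):
    """Return a copy of the SARIF in which renamed drivers are set back to
    'CodeQL'. If the run has no automationDetails.id, the stripped suffix
    (e.g. 'EOLservice') is used as the id so the configuration stays
    distinguishable without renaming the tool. Mapping the suffix onto the
    id this way is an assumption of this example, not a documented rule."""
    fixed = deepcopy(sarif)
    for i, name, auto_id in find_renamed_runs(fixed):
        run = fixed["runs"][i]
        suffix = name[len(CANONICAL_NAME):].lstrip("-_/ ")
        run["tool"]["driver"]["name"] = CANONICAL_NAME
        if auto_id is None and suffix:
            run["automationDetails"] = {"id": suffix}
    return fixed


def lint_file(path):
    """Load a SARIF file from disk and return its renamed-run findings."""
    with open(path, encoding="utf-8") as fh:
        return find_renamed_runs(json.load(fh))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    findings = lint_file(target) if target else find_renamed_runs(SAMPLE_SARIF)
    for idx, name, auto_id in findings:
        print(f"run {idx}: tool renamed to {name!r} (automationDetails.id={auto_id!r})")
    if not findings:
        print("no renamed CodeQL runs found")
```

Run it against an exported SARIF (`python lint_sarif.py results.sarif`) before uploading; any run it reports will be treated by code scanning as a tool other than CodeQL, with the consequences listed above for Autofix, the tool status page and rulesets.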