Cole-Greer commented on PR #1947: URL: https://github.com/apache/tinkerpop/pull/1947#issuecomment-1387491400
> Thanks a lot for tackling this! The changes also look good to me basically. The .NET scan however includes this in its logs: > > ``` > Analysis produced the following diagnostic data: > > | Diagnostic | Summary | > +------------------------------+--------------------+ > | Extraction errors | 1 result (1 error) | > | Compilation error | 8 results | > | Compilation message | 16 results | > | Successfully extracted files | 272 results | > ``` > > Doesn't this mean that it found something? And shouldn't that be reported? The diagnostics here is referring to what code it was able to analyze, not what the results of that analysis was. The extraction error there means that there was one file which codeQL failed to extract for analysis. We could potentially learn more from running codeQL in debug mode. According to the codeQL [docs](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#extraction-errors-in-the-database): "A small number of extractor errors is healthy and typically indicates a good state of analysis." The results of a single job can be viewed from the "code scanning results" section of the checks tab ([here for this PR](https://github.com/apache/tinkerpop/pull/1947/checks?check_run_id=10709124951)). All of the analysis results for the repo are also collected in the security tab [here](https://github.com/apache/tinkerpop/security/code-scanning). (Hopefully that link works, it is only accessible to committers). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
