mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
Your window into the Elastic Stack
9a7dafcf38
# Backport This will backport the following commits from `main` to `8.x`: - [[CodeQL] Local run script (#194272)](https://github.com/elastic/kibana/pull/194272) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Elena Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-28T12:40:27Z","message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","enhancement","release_note:skip","v9.0.0","backport:prev-minor"],"title":"[CodeQL] Local run script","number":194272,"url":"https://github.com/elastic/kibana/pull/194272","mergeCommit":{"message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194272","number":194272,"mergeCommit":{"message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b"}}]}] BACKPORT--> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com> |
||
|---|---|---|
| .buildkite | ||
| .devcontainer | ||
| .github | ||
| api_docs | ||
| config | ||
| dev_docs | ||
| docs | ||
| examples | ||
| kbn_pm | ||
| legacy_rfcs | ||
| licenses | ||
| oas_docs | ||
| packages | ||
| plugins | ||
| scripts | ||
| src | ||
| test | ||
| typings | ||
| x-pack | ||
| .backportrc.json | ||
| .bazelignore | ||
| .bazeliskversion | ||
| .bazelrc | ||
| .bazelrc.common | ||
| .bazelversion | ||
| .browserslistrc | ||
| .editorconfig | ||
| .eslintignore | ||
| .eslintrc.js | ||
| .gitattributes | ||
| .gitignore | ||
| .i18nrc.json | ||
| .node-version | ||
| .npmrc | ||
| .nvmrc | ||
| .prettierignore | ||
| .prettierrc | ||
| .puppeteerrc | ||
| .stylelintignore | ||
| .stylelintrc | ||
| .telemetryrc.json | ||
| .yarnrc | ||
| BUILD.bazel | ||
| catalog-info.yaml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| FAQ.md | ||
| fleet_packages.json | ||
| github_checks_reporter.json | ||
| kibana.d.ts | ||
| LICENSE.txt | ||
| NOTICE.txt | ||
| package.json | ||
| preinstall_check.js | ||
| README.md | ||
| renovate.json | ||
| RISK_MATRIX.mdx | ||
| run_fleet_setup_parallel.sh | ||
| SECURITY.md | ||
| sonar-project.properties | ||
| STYLEGUIDE.mdx | ||
| tsconfig.base.json | ||
| tsconfig.browser.json | ||
| tsconfig.browser_bazel.json | ||
| tsconfig.json | ||
| TYPESCRIPT.md | ||
| versions.json | ||
| WORKSPACE.bazel | ||
| yarn.lock | ||
Kibana
Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.
- Getting Started
- Documentation
- Version Compatibility with Elasticsearch
- Questions? Problems? Suggestions?
Getting Started
If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.
If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.
Using a Kibana Release
If you want to use a Kibana release in production, give it a test run, or just play around:
- Download the latest version on the Kibana Download Page.
- Learn more about Kibana's features and capabilities on the Kibana Product Page.
- We also offer a hosted version of Kibana on our Cloud Service.
Building and Running Kibana, and/or Contributing Code
You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:
- CONTRIBUTING.md will help you get Kibana up and running.
- If you would like to contribute code, please follow our STYLEGUIDE.mdx.
- For all other questions, check out the FAQ.md and wiki.
Documentation
Visit Elastic.co for the full Kibana documentation.
For information about building the documentation, see the README in elastic/docs.
Version Compatibility with Elasticsearch
Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.
Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.
| Situation | Example Kibana version | Example ES version | Outcome |
|---|---|---|---|
| Versions are the same. | 7.15.1 | 7.15.1 | 💚 OK |
| ES patch number is newer. | 7.15.0 | 7.15.1 | ⚠️ Logged warning |
| ES minor number is newer. | 7.14.2 | 7.15.0 | ⚠️ Logged warning |
| ES major number is newer. | 7.15.1 | 8.0.0 | 🚫 Fatal error |
| ES patch number is older. | 7.15.1 | 7.15.0 | ⚠️ Logged warning |
| ES minor number is older. | 7.15.1 | 7.14.2 | 🚫 Fatal error |
| ES major number is older. | 8.0.0 | 7.15.1 | 🚫 Fatal error |
Questions? Problems? Suggestions?
- If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
- Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.