github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
Your window into the Elastic Stack
80023 commits 499 branches 518 tags 21 GiB
Find a file
Elena Shostak 9dd4205639
[CodeQL] Local run script (#194272) 
## Summary

This PR introduces a script that allows developers to run CodeQL
analysis locally. It uses a Docker container with prebuilt CodeQL
queries to facilitate easy setup and execution.
The script has the following key steps:
- Creating a CodeQL database from the source code. The database is
essentially a representation of the codebase that CodeQL uses to analyze
for potential issues.
- Running the analysis on the created database,
`javascript-security-and-quality` suit is used.

### Usage
```
bash scripts/codeql/quick_check.sh -s path/to/your-source-dir
```
For example
```
bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links
```

The `-s` option allows you to specify the path to the source code
directory that you wish to analyze.

### Why custom Docker file?
Checked the ability to use MSFT image for local run
https://github.com/microsoft/codeql-container. Turned out it has several
problems:
1. The published one has an error with [execute
permissions](https://github.com/microsoft/codeql-container/issues/53).
2. Container has outdated nodejs version, so it didn't parse our syntax
(like `??`) and failed.
3. The technique used in the repository to download the CodeQL binaries
and precompile the queries is outdated in the sense that GitHub now
offers pre-compiled queries you can just download. Follow this
[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).

Taking this into consideration I have created a lightweight docker image
without extraneous dependencies for go/.net/java.

## Context and interdependencies issues
There are issues sometimes when analyze run returns no results,
particularly when analyzing a single folder.
It might be due to the missing context for the data flow graph CodeQL
generates or context for interdependencies. This is actually a trade off
of running it locally for a subset of source directories. We need to
explicitly state that in the documentation and advise to expand the
scope of source code directories involved for local scan.

Documentation for triaging issues will be updated separately.

__Closes: https://github.com/elastic/kibana/issues/195740__
2024-10-28 13:40:27 +01:00
.buildkite [ci] Use es snapshot cache on miscellaneous steps, adjust schedule (#197294) 2024-10-25 12:25:02 -05:00
.devcontainer Fix dev container repo path, add limitations docs (#193488) 2024-09-19 15:07:18 -07:00
.github [FTR][Ownership] Assign visualize, etc (#197664) 2024-10-25 11:20:42 -05:00
api_docs [api-docs] 2024-10-27 Daily api_docs build (#197930) 2024-10-27 01:38:17 -05:00
config Set mget task claim strategy as the default (#197070) 2024-10-25 08:57:46 -04:00
dev_docs Update hello_world_plugin.mdx (#197104) 2024-10-22 15:58:06 +01:00
docs [OpenAPI][DOCS] Add descriptions, examples, responses for role APIs (#195527) 2024-10-25 10:13:57 -07:00
examples [Core] [UA] Support API Deprecations (#196081) 2024-10-22 19:57:37 +03:00
kbn_pm Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
legacy_rfcs rename @elastic/* packages to @kbn/* (#138957) 2022-08-18 08:54:42 -07:00
licenses Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
oas_docs [Security Solution][Notes] - fix createdBy filter for notes management page (#197706) 2024-10-25 15:37:23 -05:00
packages [ES|QL] Update function metadata (#197940) 2024-10-28 11:01:01 +01:00
plugins
scripts [CodeQL] Local run script (#194272) 2024-10-28 13:40:27 +01:00
src [Discover][ES|QL] Rename Documents tab to Results (#197833) 2024-10-28 12:45:39 +01:00
test [Discover] Fix suggestions for ES|QL charts (#197583) 2024-10-25 17:17:02 +02:00
typings Updated js-yaml to v4 (#190678) 2024-09-19 12:25:03 +02:00
x-pack [Security Solution][Detection Engine] removes legacy alerting endpoints from Security Solution dev scripts (#197424) 2024-10-28 07:36:23 -05:00
.backportrc.json chore(NA): adds 8.16 into backportrc (#196606) 2024-10-17 03:22:13 +01:00
.bazelignore Remove references to deleted .ci folder (#177168) 2024-02-20 19:54:21 +01:00
.bazeliskversion chore(NA): upgrade bazelisk into v1.11.0 (#125070) 2022-02-09 20:43:57 +00:00
.bazelrc chore(NA): use new and more performant BuildBuddy servers (#130350) 2022-04-18 02:01:38 +01:00
.bazelrc.common Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
.bazelversion chore(NA): revert bazel upgrade for v5.2.0 (#135096) 2022-06-24 03:57:21 +01:00
.browserslistrc Add Firefox ESR to browserlistrc (#184462) 2024-05-29 17:53:18 -05:00
.editorconfig
.eslintignore [ES|QL] New @kbn/esql-services package (#179029) 2024-03-27 14:39:48 +01:00
.eslintrc.js [Sustainable Kibana Architecture] Update plugins (wave #1) (#195375) 2024-10-25 16:05:27 +02:00
.gitattributes
.gitignore [CodeQL] Local run script (#194272) 2024-10-28 13:40:27 +01:00
.i18nrc.json [Logs Overview] Add a flyout to show category document examples (#194867) 2024-10-24 15:49:27 +01:00
.node-version Upgrade Node.js to 20.15.1 (#187791) 2024-07-15 12:34:07 -05:00
.npmrc [npmrc] Fix puppeteer_skip_download configuration (#177673) 2024-02-22 18:59:01 -07:00
.nvmrc Upgrade Node.js to 20.15.1 (#187791) 2024-07-15 12:34:07 -05:00
.prettierignore
.prettierrc
.puppeteerrc Add .puppeteerrc (#179847) 2024-04-03 09:14:39 -05:00
.stylelintignore
.stylelintrc Bump stylelint to ^14 (#136693) 2022-07-20 10:11:00 -05:00
.telemetryrc.json [Telemetry] Fix telemetry-tools TS parser for packages (#149819) 2023-01-31 04:09:09 +03:00
.yarnrc
BUILD.bazel Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
catalog-info.yaml [sonarqube] Disable cron (#190611) 2024-08-15 09:19:09 -05:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md
FAQ.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
fleet_packages.json [main] Sync bundled packages with Package Storage (#192007) 2024-09-03 12:26:57 -05:00
github_checks_reporter.json
kibana.d.ts Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
LICENSE.txt Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
NOTICE.txt [React@18] useLayoutEffect when setting value from a prop in react-monaco-editor (#195775) 2024-10-17 13:24:06 +02:00
package.json Set mget task claim strategy as the default (#197070) 2024-10-25 08:57:46 -04:00
preinstall_check.js Adds AGPL 3.0 license (#192025) 2024-09-06 19:02:41 -06:00
README.md
renovate.json Improve stack traces in dev mode (#195916) 2024-10-18 17:35:08 +02:00
RISK_MATRIX.mdx
run_fleet_setup_parallel.sh [Fleet] Prevent concurrent runs of Fleet setup (#183636) 2024-05-31 16:38:51 +02:00
SECURITY.md
sonar-project.properties [sonarqube] update memory, cpu (#190547) 2024-09-09 16:16:30 -05:00
STYLEGUIDE.mdx [styleguide] update path to scss theme (#140742) 2022-09-15 10:41:14 -04:00
tsconfig.base.json Set mget task claim strategy as the default (#197070) 2024-10-25 08:57:46 -04:00
tsconfig.browser.json
tsconfig.browser_bazel.json
tsconfig.json Transpile packages on demand, validate all TS projects (#146212) 2022-12-22 19:00:29 -06:00
TYPESCRIPT.md Fix small typos in the root md files (#134609) 2022-06-23 09:36:11 -05:00
updatecli-compose.yaml deps(updatecli): bump all policies (#195865) 2024-10-15 07:37:12 -05:00
versions.json chore(NA): update versions after v7.17.26 bump (#197325) 2024-10-23 01:56:33 +01:00
WORKSPACE.bazel chore(NA): remove usage of re2 and replace it with a non native module (#188134) 2024-07-15 20:33:28 +01:00
yarn.lock Set mget task claim strategy as the default (#197070) 2024-10-25 08:57:46 -04:00

README.md

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

Situation Example Kibana version Example ES version Outcome
Versions are the same. 7.15.1 7.15.1 💚 OK
ES patch number is newer. 7.15.0 7.15.1 ⚠️ Logged warning
ES minor number is newer. 7.14.2 7.15.0 ⚠️ Logged warning
ES major number is newer. 7.15.1 8.0.0 🚫 Fatal error
ES patch number is older. 7.15.1 7.15.0 ⚠️ Logged warning
ES minor number is older. 7.15.1 7.14.2 🚫 Fatal error
ES major number is older. 8.0.0 7.15.1 🚫 Fatal error

Questions? Problems? Suggestions?

  • If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
  • Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.