How to use a config file for codeql database analyze ?

[Hug0Vincent]

I would like to use a config file for the CLI command codeql database analyze like the --codescanning-config one. But --codescanning-config is only available for codeql database create, is there an equivalent ? I would like to pick different packs / threat model etc from a config file but I can't find the right option. There is --qlconfig-file and --sarif-codescanning-config but i'm not sure it's the right option.

[jketema]

There's no equivalent. Whatever you specify through --codescanning-config while running codeql database create or codeql database init will then also apply to codeql database analyze. You command use command line options to override whatever was specified in the config file used during database create. See https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual/database-analyze#querydirsuitepack.

Also relevant in your case is likely: https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual/database-analyze#options-to-control-the-threat-models-to-be-used