Missing files in Files scanned

[MattPlum]

How can I get this number to 100%? I am running the default codeql.yaml file on a repo, with the addition of 'debug: true' parameter. I see the files that are missing in the exported CSV, but how can I add those to the scan?

I found this page:
https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/fewer-lines-scanned-than-expected

but is there a way to manually add these files to the .yaml file in order to scan them?

[smowton]

I assume you're using the autobuilder at the moment? If so, does the build it kicks off touch all the C# source you're interested in?

If it does, then there may be a problem with creating the CodeQL database and we should investigate further. On the other hand if there is C# source present that is not touched by that build, you could improve the coverage by replacing the autobuilder with a manual build command (or more than one) that builds all the source files you want to cover.

[MattPlum]

Hi thanks for the response. It sees the 30 files, but only scans 13 of them, so it doesnt touch all the code im interested in. I replaced the autobuilder with a manual build command:

- if: matrix.language == 'csharp'
  name: Build Csharp
  run: dotnet build "App.sln"

But it produces the same result of only scanning 13/30 files.

Is there a way to manually enter these files? I know the file names but just not sure how to force codeql to scan them

[smowton]

It seems likely there is an issue with database creation in that case. Are you able to share an example CodeQL database, or if the codebase is too sensitive for that, to reproduce the problem with dummy / shareable code?

[MattPlum]

Its alright, decided its not worth all the trouble to scan the missing files. Thanks for the help though