Skip to content

Commit d8f8adb

Browse files
Phillip9587Phillip9587
authored
ci: add CodeQL (SAST) (#670)
1 parent 6d133c1 commit d8f8adb

File tree

1 file changed

+71
-0
lines changed

1 file changed

+71
-0
lines changed

.github/workflows/codeql.yml

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
# You may wish to alter this file to override the set of languages analyzed,
5+
# or to provide custom queries or build logic.
6+
#
7+
# ******** NOTE ********
8+
# We have attempted to detect the languages in your repository. Please check
9+
# the `language` matrix defined below to confirm you have the correct set of
10+
# supported CodeQL languages.
11+
#
12+
name: "CodeQL"
13+
14+
on:
15+
push:
16+
branches: ["1.x"]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches: ["1.x"]
20+
schedule:
21+
- cron: "0 0 * * 1"
22+
23+
permissions:
24+
contents: read
25+
26+
jobs:
27+
analyze:
28+
name: Analyze
29+
runs-on: ubuntu-latest
30+
permissions:
31+
actions: read
32+
contents: read
33+
security-events: write
34+
strategy:
35+
fail-fast: false
36+
matrix:
37+
language: [javascript, actions]
38+
39+
steps:
40+
- name: Checkout repository
41+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
42+
43+
# Initializes the CodeQL tools for scanning.
44+
- name: Initialize CodeQL
45+
uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
46+
with:
47+
languages: ${{ matrix.language }}
48+
config: |
49+
paths-ignore:
50+
- test
51+
# If you wish to specify custom queries, you can do so here or in a config file.
52+
# By default, queries listed here will override any specified in a config file.
53+
# Prefix the list here with "+" to use these queries and those in the config file.
54+
55+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
56+
# If this step fails, then you should remove it and run the build manually (see below)
57+
# - name: Autobuild
58+
# uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
59+
60+
# ℹ️ Command-line programs to run using the OS shell.
61+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
62+
63+
# If the Autobuild fails above, remove it and uncomment the following three lines.
64+
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
65+
66+
# - run: |
67+
# echo "Run, Build Application using script"
68+
# ./location_of_script_within_repo/buildscript.sh
69+
70+
- name: Perform CodeQL Analysis
71+
uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5

0 commit comments

Comments
 (0)