Static Analysis #6169

Workflow file for this run

.github/workflows/static-analysis.yml at 9597ac5

	# SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
	#
	# SPDX-License-Identifier: AGPL-3.0-only

	name: Static Analysis

	on:
	push:
	branches: [ develop ]
	pull_request:
	branches: [ develop ]
	schedule:
	- cron: '0 7 * * 6'

	permissions:
	actions: read
	contents: read
	security-events: write

	jobs:
	njsscan:
	runs-on: ubuntu-latest
	name: Njsscan code scanning
	steps:
	- name: Checkout the code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Scan with njsscan
	id: njsscan
	uses: ajinabraham/njsscan-action@74e5a58c1edb363b84c9ddd626b0e22f038ac09e # master
	with:
	args: '--sarif --output results.sarif src \|\| true'
	- name: Upload njsscan report
	uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
	with:
	sarif_file: results.sarif

	codeql:
	name: CodeQL analysis
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	language: [ 'javascript' ]
	# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Initialize CodeQL
	uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
	with:
	languages: ${{ matrix.language }}
	queries: +security-and-quality

	- name: Autobuild
	uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
	with:
	category: "/language:${{ matrix.language }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Static Analysis #6169

Workflow file

Static Analysis #6169

Jobs

Run details

Workflow file for this run