Skip to content

Add CodeQL security scanning workflow#195

Merged
vharseko merged 1 commit into
OpenIdentityPlatform:masterfrom
vharseko:codeql-workflow
Jul 10, 2026
Merged

Add CodeQL security scanning workflow#195
vharseko merged 1 commit into
OpenIdentityPlatform:masterfrom
vharseko:codeql-workflow

Conversation

@vharseko

@vharseko vharseko commented Jul 9, 2026

Copy link
Copy Markdown
Member

Adds a GitHub Actions CodeQL workflow for automated security/quality scanning, adapted from the OpenAM setup.

What it does

  • Analyzes java-kotlin, javascript-typescript, and actions (build-mode: none).
  • Triggers on push/PR to master, a weekly schedule (Mon 03:27), and manual workflow_dispatch.
  • Uses the security-and-quality query suite.

OpenIDM-specific tuning

  • Dropped csharp from the language matrix — no C# in this repo.
  • paths-ignore tailored to OpenIDM's layout: **/src/test/**, **/src/it/**, **/*.min.js, **/node_modules/**, **/target/** (Maven build output), openidm-ui/extlib/** (vendored JS), and e2e/** (Playwright).

New file carries the standard CDDL header.

Adds a GitHub Actions CodeQL workflow that analyzes java-kotlin,
javascript-typescript, and actions on push/PR to master, on a weekly
schedule, and on demand. Uses the security-and-quality query suite and
ignores test sources, Maven build output (target), vendored JS
(openidm-ui/extlib), node_modules, and the e2e test project.
@vharseko vharseko added security Security fix / CVE remediation ci CI/CD, build and release workflows labels Jul 9, 2026
@vharseko vharseko requested a review from maximthomas July 9, 2026 12:08
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@vharseko vharseko merged commit b22fede into OpenIdentityPlatform:master Jul 10, 2026
34 checks passed
@vharseko vharseko deleted the codeql-workflow branch July 10, 2026 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci CI/CD, build and release workflows security Security fix / CVE remediation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants