This repository has been archived by the owner on Dec 15, 2022. It is now read-only.

Add CodeQL Analysis workflow #232

Closed
wants to merge 6 commits into from

Conversation

jhutchings1

Adds a GitHub Actions workflow that runs CodeQL on every push, and on a daily schedule.

Code scanning looks for vulnerabilities, such as XSS, SQL injection, etc., in your code. If it finds any new vulnerabilities it surfaces them in the PR as check annotations, and blocks the build until they’re fixed or marked as false positives. If it finds any on the repo’s default branch it displays them in the security tab.

For now you also need to be feature-flagged to see results in the security tab (as well as having write permission on this repo). If you drop an email to jhutchings1@github.com I can get anyone you need added.

Finally, this is an early access program, so please don't share screenshots/tweet about this before May 6th when we're unveiling it at GitHub Satellite.

Cc: @greysteil

@jhutchings1
Author

The autobuild for C++ isn't working, and I haven't been able to get that working in GitHub Actions just yet. As a result, I'm going to disable C++ analysis and leave it just to scan the JS. If somebody with more experience with how this project builds wants to take a stab at adding C++ back in, I'd welcome it!
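The shape of the workflow the description and the comment above outline, as an added illustration rather than the workflow file actually proposed in this PR: it triggers on every push and on a daily schedule, restricts the analysis to JavaScript since the C++ autobuild was disabled, and grants the job only the permissions the upload step needs. The action names and major versions (`github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`, `actions/checkout@v4`), the `pull_request` trigger and the cron time are assumptions, not taken from the PR.

```yaml
# Added example (not the PR's own workflow file): a minimal CodeQL workflow
# matching the behaviour described in this PR. Action versions, the
# pull_request trigger and the cron time are assumptions.
name: CodeQL

on:
  push:
  # Assumed: lets findings appear as check annotations on the PR itself.
  pull_request:
  schedule:
    # Daily run (assumed time) so results for the default branch stay fresh
    # even when nothing is pushed.
    - cron: "0 3 * * *"

permissions:
  # Least privilege for the job token: read the checkout, write results into
  # the code-scanning (security) tab. Nothing else is needed.
  contents: read
  security-events: write

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          # JavaScript only: C++ is left out because autobuild failed for
          # this project. To add it back, list `cpp` here and put a working
          # build step between init and analyze.
          languages: javascript

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
```

When C++ is re-enabled, the `github/codeql-action/autobuild@v3` step (or an explicit build command) has to run after `init` and before `analyze`, because compiled languages are only extracted while the build executes; a JavaScript-only configuration needs no build step at all.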

@jhutchings1 jhutchings1 marked this pull request as draft April 30, 2020 03:57