Code scanning #1654

	name: Code scanning

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '33 19 * * *'

	jobs:
	static-analysis:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Java JDK
	uses: actions/setup-java@v4
	with:
	java-version: 21
	distribution: temurin

	- name: Validate Gradle wrapper
	uses: gradle/wrapper-validation-action@v2

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v3

	- name: Run Detekt & Lint
	continue-on-error: true
	run: ./gradlew detektDebug lint --continue

	- name: Upload SARIF binary
	uses: actions/upload-artifact@v4
	with:
	name: sarif-reports
	path: '*/.sarif'

	upload-results:
	needs: static-analysis
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	strategy:
	matrix:
	path:
	- core/api
	- core/compose-logviewer
	- core/compose-segmentedprogressindicator
	- core/design
	- core/strong-result
	- features/apps
	- features/auth
	- features/credentials
	- features/dashboard
	- features/dataprotection
	- features/datasets
	- features/network
	- features/power
	- features/reporting
	- features/shares
	- features/storage
	- features/systemsettings
	- features/virtualization
	- app
	steps:
	- name: Download scan results
	uses: actions/download-artifact@v4
	with:
	name: sarif-reports

	- uses: github/codeql-action/upload-sarif@v3
	continue-on-error: true
	with:
	sarif_file: ${{ matrix.path }}/
	category: ${{ matrix.path }}

Provide feedback