Merge pull request #98 from cisagov/improvement/update_codeql_workflow

Update the CodeQL workflow
cisagov · May 5, 2022 · 94be4ca · 94be4ca
2 parents ef206f9 + 55d2238
commit 94be4ca
Showing 1 changed file with 19 additions and 20 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -10,25 +10,29 @@ on:
   push:
     # Dependabot triggered push events have read-only access, but uploading code
     # scanning requires write access.
-    branches-ignore: [dependabot/**]
+    branches-ignore:
+      - dependabot/**
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [develop]
+    branches:
+      - develop
   schedule:
     - cron: '0 14 * * 6'
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-
+    permissions:
+      # required for all workflows
+      security-events: write
     strategy:
       fail-fast: false
       matrix:
         # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript',
-        # 'python']
-        language: ['python']
+        # Supported options are go, javascript, csharp, python, cpp, and java
+        language:
+          - python
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
@@ -38,31 +42,26 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a
-          # config file. By default, queries listed here will override any
-          # specified in a config file. Prefix the list here with "+" to use
-          # these queries and those in the config file. queries:
-          # ./path/to/local/query, your-org/your-repo/queries@main
 
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or
+      # Autobuild attempts to build any compiled languages (C/C++, C#, or
       # Java). If this step fails, then you should remove it and run the build
-      # manually (see below)
+      # manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
       # ✏️ If the Autobuild fails above, remove it and uncomment the following
-      # three lines and modify them (or add more) to build your code if your
-      # project uses a compiled language
+      #    three lines and modify them (or add more) to build your code if your
+      #    project uses a compiled language
 
       # - run: |
-      #   make bootstrap
-      #   make release
+      #     make bootstrap
+      #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2