
Add CodeQL Security Scanning #3341

Merged
merged 2 commits into from Mar 29, 2021

Conversation

caniszczyk (Contributor)

A little security scanning doesn't hurt; let's start by adding one tool first: CodeQL via GH.

Signed-off-by: Chris Aniszczyk caniszczyk@gmail.com

Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
@thaJeztah (Member)

@chrispat PTAL I see one failure ("base branch not found"); is this an issue in the configuration that's added in this PR, or an issue on GitHub's side?

[Screenshot of the failing check, taken 2021-01-28 at 22:57:36]

@chrispat (Collaborator)

I think this is because we don't have code scanning data for main yet.

@thaJeztah (Member)

Ah, gotcha, makes sense.

@thaJeztah (Member) left a review comment:

LGTM

    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '41 13 * * 1'
@thaJeztah (Member) commented on this snippet:

LOL, I always forget the format (github/codeql-action#242 😂); hopefully it gets added to the template at some point.

For others: this is 13:41, every Monday (once a week).

@thaJeztah (Member)

@caniszczyk Thanks! For future PRs, could you open the PR from a fork, instead of a branch on this repository? (trying to keep branches clean on the upstream repo)

@caniszczyk (Contributor, Author)

caniszczyk commented Jan 28, 2021 via email

@chrispat chrispat self-requested a review February 19, 2021 17:32

    # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
@chrispat (Collaborator) commented on this snippet:

Autobuild is not needed as it does not work for Go

@thaJeztah (Member):

@caniszczyk would you mind removing this bit? Even though it's not needed, it can confuse folks. Once that's done let's merge this in.

@caniszczyk (Contributor, Author):

done
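A complete Go CodeQL workflow of the shape the two review comments above describe (only `main` scanned, a weekly cron, and no Autobuild step), written here as an illustrative example; it is not the file merged in this PR, and the action version tags and the `permissions` block are my choices, not taken from the page:

```yaml
# .github/workflows/codeql-analysis.yml (illustrative example, not the PR's file)
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    # Five-field cron: minute hour day-of-month month day-of-week.
    # '41 13 * * 1' is 13:41 every Monday, i.e. one scheduled scan per week.
    - cron: '41 13 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege token for the job (assumed here, not on the page):
    # the analyzer only needs to read the checkout and write SARIF results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'go' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

    # No Autobuild step here: the template's Autobuild targets C/C++, C#, and
    # Java, and the reviewer above notes it is not needed for Go, so it is
    # dropped rather than left in as a no-op that confuses readers.

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
```

Two practical notes. First, the pull_request check compares new alerts against the code scanning results already recorded for the base branch, so the "base branch not found" failure seen on the first run of this PR goes away only once the workflow has run on `main` at least once (the `push` trigger on `main` takes care of that). Second, the `v1`/`v2` tags above are the major versions current when this PR was opened; in a new repository, use the current major versions of `actions/checkout` and `github/codeql-action`, or pin each action to a full commit SHA, so that a moved tag cannot silently change what runs in CI.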

Signed-off-by: Chris Aniszczyk <caniszczyk@gmail.com>
@milosgajdos milosgajdos merged commit 1b3c5c7 into main Mar 29, 2021
@milosgajdos milosgajdos deleted the add-codeql-security branch March 29, 2021 17:49