Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build: add codeql #14729

Merged
merged 2 commits into from Aug 5, 2021
Merged

Build: add codeql #14729

merged 2 commits into from Aug 5, 2021

Conversation

aladdin-add
Copy link
Member

@aladdin-add aladdin-add commented Jun 20, 2021

refs: https://securitylab.github.com/tools/codeql

Prerequisites checklist

What is the purpose of this pull request? (put an "X" next to an item)

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[ x] Other, please explain:

What changes did you make? (Give an overview)

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise.

Is there anything you'd like reviewers to focus on?

@eslint-github-bot eslint-github-bot bot added the triage An ESLint team member will look at this issue soon label Jun 20, 2021
@aladdin-add aladdin-add added evaluating The team will evaluate this issue to decide whether it meets the criteria for inclusion infrastructure Relates to the tools used in the ESLint development process and removed triage An ESLint team member will look at this issue soon labels Jun 20, 2021
@nzakas
Copy link
Member

nzakas commented Jun 26, 2021

There’s not enough info in the pull request to understand why we should add CodeQL or what exactly this PR enables. Can you please explain how this benefits the project and how it actually works?

@aladdin-add
Copy link
Member Author

aladdin-add commented Aug 3, 2021

image

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

more info can be found in https://github.com/github/codeql-action :)

nzakas
nzakas approved these changes Aug 5, 2021
Copy link
Member

@nzakas nzakas left a comment

LGTM

@nzakas nzakas merged commit b8b2d55 into master Aug 5, 2021
16 checks passed
@nzakas nzakas deleted the aladdin-add-patch-2 branch Aug 5, 2021
@eslint-github-bot eslint-github-bot bot locked and limited conversation to collaborators Feb 2, 2022
@eslint-github-bot eslint-github-bot bot added the archived due to age This issue has been archived; please open a new issue for any further discussion label Feb 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
archived due to age This issue has been archived; please open a new issue for any further discussion evaluating The team will evaluate this issue to decide whether it meets the criteria for inclusion infrastructure Relates to the tools used in the ESLint development process
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants