Add CodeQL Analysis workflow #3769
86d1ac6 to 14ef5fe
It doesn't run. The message is
Maybe you could try the CLI version and see if it's useful first.
I enabled the default scan from my repository settings. The only problems it found were related to Scintilla https://github.com/andy5995/geany/security/code-scanning
Erm, the link doesn't work.
That's because:
Only scans of pull requests are publicly visible, per the docs.
You could also just open a PR in your fork from the branch with the CodeQL workflow in it. If an alert doesn't appear automatically, there should be an option to publish it.
Sounds good.
Adding
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Understood!
Done.
Done.
Done. Some examples of this workflow include a cron schedule as well. Would you like that added, and if so, how often should it be scheduled?
Thanks!
I would say once a month is a good start.
d0ff4df to 629514d
I would still recommend this simple change. And it seems the configuration still has syntax errors: https://github.com/geany/geany/actions/runs/8135027731/workflow
That seems outdated. I added the workflow_dispatch and fixed the cron syntax/indentation about a week ago.
Sorry, I guess I didn't properly refresh this page and so commented on the old code. Looks good to me now.
No worries @eht16, I know mistakes happen to humans. Cheers!
No description provided.