ci: add codeql analysis in workflows #240
Codecov Report
@@ Coverage Diff @@
## main #240 +/- ##
=======================================
Coverage 67.17% 67.17%
=======================================
Files 145 145
Lines 15261 15261
=======================================
Hits 10251 10251
Misses 4241 4241
Partials 769 769
Flags with carried forward coverage won't be shown.
/hold for remaining issues
Signed-off-by: Jason Liu <jasonliu747@gmail.com>
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: hormes
Ⅰ. Describe what this PR does
CodeQL is the analysis engine used by developers to automate security checks, and by security researchers to perform variant analysis.
In CodeQL, code is treated like data. Security vulnerabilities, bugs, and other errors are modeled as queries that can be executed against databases extracted from code.
This PR would allow our CI to discover vulnerabilities across a codebase with CodeQL.