CHORE: CodeQL ADO pipeline task #259

bewithgaurav · 2025-09-25T10:21:08Z

Work Item / Issue Reference

AB#38859

Summary

This pull request adds a new CodeQL security analysis job to the pr-validation-pipeline.yml to improve automated security scanning of the codebase. The changes introduce a dedicated container for the CodeQL job, install necessary dependencies, and ensure the C++ extension is built for analysis.

Security and CI pipeline enhancements:

Added a new CodeQLAnalysis job to the pipeline to perform CodeQL security analysis, including initialization and finalization steps.
Introduced a codeqlContainer using the ubuntu:20.04 image to provide a consistent environment for CodeQL analysis.
Added steps to install build dependencies and Python 3.13, and to install Python requirements needed for CodeQL.
Included a step to build the C++ extension (mssql_python/pybind/build.sh) as part of the CodeQL analysis process.

Copilot

Pull Request Overview

This PR adds CodeQL security analysis capabilities to the PR validation pipeline by introducing a dedicated CodeQL analysis job that runs alongside existing tests.

Adds a new CodeQLAnalysis job with Ubuntu 20.04 container for consistent analysis environment
Installs necessary build dependencies and Python 3.13 for CodeQL analysis
Builds the C++ extension as part of the analysis process to ensure complete code coverage

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

eng/pipelines/pr-validation-pipeline.yml

CHORE: CodeQL ADO pipeline task

3147cd1

Copilot AI review requested due to automatic review settings September 25, 2025 10:21

github-actions bot added the pr-size: small Minimal code update label Sep 25, 2025

Copilot AI reviewed Sep 25, 2025

View reviewed changes

eng/pipelines/pr-validation-pipeline.yml Outdated Show resolved Hide resolved

sudo

1524531