Add CodeQL security scanning #9763
@jhutchings1 thanks for the PR - we would love to use CodeQL. Looks like the PR is sent for a Java project; we are a Go project. Can this be changed accordingly?
Auto-detection found Java code, but that doesn't seem to actually be in the repo. Adding the override excludes that.
Thanks @harshavardhana. It looks like the auto-language detection detected Java for some reason, but I've excluded it and started the build again.
Thanks @kannappanr and @harshavardhana! If you're game, I'm happy to send PRs for the other Go, Python, or JavaScript repos in your org to get you jumpstarted. I've got a script that makes this easy, so just let me know! We also support other languages (C, C++, C#, Java), but the build configuration on those is occasionally more involved, so that's more likely to require work from a maintainer.
Please do, happy for all the work GitHub has done here.
Manually specify go and javascript for analysis
Hi, I'm a PM on the GitHub security team. This repository is eligible to try the new GitHub Advanced Security code scanning beta.
Code scanning runs a static analysis tool called CodeQL which scans your code at build time to find any potential security issues. We've tuned the set of queries to be only the most severe, most precise issues. We'll show alerts in the security tab, and we'll show alerts for any net new vulnerabilities on pull requests as well. We've tried to make this super developer friendly, but we'd love your feedback as we work through the beta.
If you're interested in trying it out, you can merge this pull request to set up the Actions workflow.