Feature - Enable Codeql Check for GitHubAction #987
Labels
kind/enhancement
New feature or request
Comments
naveensrinivasan
added a commit
that referenced
this issue
Sep 9, 2021
Included codeql check for GitHub actions #987
2 tasks
2 tasks
naveensrinivasan
added a commit
that referenced
this issue
Sep 9, 2021
Included codeql check for GitHub actions #987
naveensrinivasan
added a commit
that referenced
this issue
Sep 9, 2021
Included codeql check for GitHub actions #987
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The scorecard repository has GitHub Actions that can run into script injections. https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#understanding-the-risk-of-script-injections.
To mitigate this there is CodeQL to analyze the code. https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-codeql-to-analyze-your-code
Describe the solution you'd like
To enable the CodeQL check for checking for insecure GitHubAction the repository needs a one JavaScript file and CodeQL must be configured to make to analyze for Javascript.
The text was updated successfully, but these errors were encountered: