CodeQL #23

Workflow file for this run

.github/workflows/codeql-analysis.yaml at 38b4c32

	name: "CodeQL"
	on:
	push:
	branches:
	- 'main'
	- 'release-v*'
	pull_request:
	schedule:
	- cron: '0 12 * * *'
	permissions:
	contents: read
	jobs:
	analyze-go:
	name: Analyze Go
	runs-on: ubuntu-latest
	permissions:
	actions: read # github/codeql-action/init@v2
	security-events: write # github/codeql-action/init@v2
	steps:
	- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	- uses: ./.github/actions/install-deps
	- run: make vulncheck
	- uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8
	with:
	languages: go
	- uses: github/codeql-action/autobuild@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8
	- uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8
	# Javascript is added here for evaluating Github Action vulnerabilities
	# https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/#2-enable-code-scanning-for-workflows
	analyze-github-actions:
	name: Analyze Github Actions
	runs-on: ubuntu-latest
	permissions:
	actions: read # github/codeql-action/init@v2
	security-events: write # github/codeql-action/init@v2
	steps:
	- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	- uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8
	with:
	languages: javascript
	config: \|
	packs:
	# Use the latest version of 'codeql-javascript' published by 'advanced-security'
	# This will catch things like actions that aren't pinned to a hash
	- advanced-security/codeql-javascript
	paths:
	- '.github/workflows'
	- '.github/actions'
	- uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CodeQL #23

Workflow file

CodeQL #23

Jobs

Run details

Workflow file for this run