-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Add GitHub workflow to scan project with CodeQL #4252
🌱 Add GitHub workflow to scan project with CodeQL #4252
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: camilamacedo86 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
4c80737
to
d6cf181
Compare
.github/workflows/codeql.yml
Outdated
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v3 | ||
with: | ||
languages: ${{ matrix.language }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can't go
be hardcoded here ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thx good point, I think we can simplify it !
.github/workflows/codeql.yml
Outdated
languages: ${{ matrix.language }} | ||
build-mode: ${{ matrix.build-mode }} | ||
|
||
- if: matrix.language == 'go' && matrix.build-mode == 'manual' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure when this condition is true (manual
build mode)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thx good point, I think we can simplify it !
This workflow introduces CodeQL to automatically scan the project for security vulnerabilities, supporting efforts to maintain a secure codebase. It also helps us comply with standards like the Cybersecurity Certification Act (CCA) by ensuring continuous security monitoring.
d6cf181
to
d4ddf42
Compare
Hi @grzesuav Really thank you for your review. So, since it is just a check that does not impact the end users and we addressed all I am moving forward However, if you see any possible improvement here as anybody else please feel free to push a PR with your suggestions. |
Follow up of : #4252 We do not want to run for each Pull Request. Execute it once per week is more than enough
Update codeql.yml to run the workflow once per week only Follow up of : #4252 We do not want to run for each Pull Request. Execute it once per week is more than enough
This workflow introduces CodeQL to automatically scan the project for security vulnerabilities, supporting efforts to maintain a secure codebase. It also helps us comply with standards like the Cybersecurity Certification Act (CCA) by ensuring continuous security monitoring.
Motivated by: #3712