From 2ac737daeb4c7dd0dc079811a783f9ace08f1040 Mon Sep 17 00:00:00 2001
From: Mohamed Zeidan <81834882+mohamedzeidan2021@users.noreply.github.com>
Date: Thu, 11 Jul 2024 15:13:42 -0700
Subject: [PATCH 1/3] feat: added code scanning through CodeQL Delete .github/workflows/security-monitoring.yml
---
.github/workflows/codeql.yml | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..ddfce83c0e
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,38 @@
+name: "CodeQL"
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: '30 8 * * *'
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ${{ 'ubuntu-latest' }}
+ permissions:
+ # required for all workflows
+ security-events: write
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ strategy:
+ matrix:
+ include:
+ - language: python
+ build-mode: none
+ - language: java-kotlin
+ build-mode: none
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
From 4dda9799d7cfa65af4e4dff299d2798e3fb7ba61 Mon Sep 17 00:00:00 2001
From: Mohamed Zeidan <81834882+mohamedzeidan2021@users.noreply.github.com>
Date: Thu, 25 Jul 2024 16:06:04 -0700
Subject: [PATCH 2/3] Removed comments and pinned action to commit sha
---
.github/workflows/codeql.yml | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ddfce83c0e..a8bfd3941b 100644
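Review bot: The job-level `permissions:` block lists only `security-events: write` and `packages: read`, and a job-level block sets every unlisted scope to `none`; GitHub's CodeQL starter workflow also grants `actions: read` and `contents: read`, which checkout and the results upload need when the repository is private. If this repository is or may become private, add `contents: read` and `actions: read` to the same block. `runs-on: ${{ 'ubuntu-latest' }}` wraps a literal in an expression for no effect; `runs-on: ubuntu-latest` is the conventional form. The subject also says `security-monitoring.yml` is deleted, but the diffstat shows only the new file, so that deletion appears to be missing from this patch. This is a new-file hunk, so the whole workflow is visible here.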
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,9 +11,7 @@ jobs: name: Analyze (${{ matrix.language }}) runs-on: ${{ 'ubuntu-latest' }} permissions: - # required for all workflows security-events: write - # required to fetch internal or private CodeQL packs packages: read strategy:
@@ -25,14 +23,13 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. + uses: actions/checkout@6ccd57f4c5d15bdc2fef309bd9fb6cc9db2ef1c6 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@4b1d7da102ff94aca014c0245062b1a463356d72 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@4b1d7da102ff94aca014c0245062b1a463356d72 with: - category: "/language:${{matrix.language}}" + category: "/language:${{matrix.language}}" s
From 437f2389d4c5cc4d46584c3cdc016935d451986a Mon Sep 17 00:00:00 2001
From: Mohamed Zeidan <81834882+mohamedzeidan2021@users.noreply.github.com>
Date: Thu, 25 Jul 2024 16:07:47 -0700
Subject: [PATCH 3/3] fixed syntax error
---
.github/workflows/codeql.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a8bfd3941b..32c8d1f255 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,4 +32,4 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@4b1d7da102ff94aca014c0245062b1a463356d72 with: - category: "/language:${{matrix.language}}" s + category: "/language:${{matrix.language}}"
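Review bot: Removing `# required for all workflows` and `# required to fetch internal or private CodeQL packs` leaves the two permission scopes with no record of why they are granted, which is exactly what a later reviewer needs when deciding whether `packages: read` can be dropped. Keep a one-line why-comment on each scope, e.g. `packages: read  # needed only if private CodeQL query packs are fetched`. The enclosing `analyze` job starts above this hunk.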
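Review bot: The `uses:` lines are now pinned to bare commit SHAs with no indication of which release each SHA corresponds to, so a reader cannot tell what version runs and nothing flags when a pin goes stale. Append the matching tag as a trailing comment, e.g. `uses: actions/checkout@6ccd57f4c5d15bdc2fef309bd9fb6cc9db2ef1c6 # vX.Y.Z`, after verifying each SHA against the upstream release; Dependabot keeps such comments in sync when it bumps the SHA. `init` and `analyze` are both pinned to `4b1d7da102ff94aca014c0245062b1a463356d72`, which is right — the two steps should come from the same codeql-action commit — and a short comment saying so guards against bumping one without the other. The enclosing `analyze` job begins above this hunk.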