Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CodeQL as SAST Tool #1303

Merged
merged 1 commit into from
Sep 28, 2023
Merged

Enable CodeQL as SAST Tool #1303

merged 1 commit into from
Sep 28, 2023

Conversation

joycebrum
Copy link
Contributor

@joycebrum joycebrum commented Sep 27, 2023
edited
Loading

Closes #1300

I've configured it to run on c files and python.

For C, I've configured manually the build using as example the build.yml workflow. Let me know if I missed anything. There were only 10 findings on the codeql run.

As you said, I focused on the C build and just kept the python part because the autobuild was working well for it. Let me know if it would be better to drop it.

@ci-tester-lunarg
Copy link

Author joycebrum not on autobuild list. Waiting for curator authorization before starting CI build.

1 similar comment
@ci-tester-lunarg
Copy link

Author joycebrum not on autobuild list. Waiting for curator authorization before starting CI build.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

charles-lunarg
charles-lunarg reviewed Sep 28, 2023
View reviewed changes
Copy link
Collaborator

@charles-lunarg charles-lunarg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only change I'd like to ask is to squash the commits down into one. Otherwise it looks very nice. I see the list of issues the code analyzer found, and will create PR for them shortly.

@joycebrum
feat: enable codeql
c3dc7f6 
Signed-off-by: Joyce Brum <[email protected]>
@ci-tester-lunarg
Copy link

Author joycebrum not on autobuild list. Waiting for curator authorization before starting CI build.

1 similar comment
@ci-tester-lunarg
Copy link

Author joycebrum not on autobuild list. Waiting for curator authorization before starting CI build.

@charles-lunarg charles-lunarg merged commit af32f69 into KhronosGroup:main Sep 28, 2023
@charles-lunarg
Copy link
Collaborator

Just wanted to say thanks for doing the legwork of implementing this! Very nice to have and already has found some questionable code!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@charles-lunarg charles-lunarg charles-lunarg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Configure a SAST Tool
3 participants
@joycebrum @ci-tester-lunarg @charles-lunarg