diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index a3cbea80..896e1179 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -95,6 +95,24 @@ jobs: - name: Run packagedoc-lint run: make packagedoc-lint + variant-analysis: + name: Variant Analysis + runs-on: ubuntu-latest + steps: + - name: Check out the repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + - name: Initialize CodeQL + uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 + with: + languages: go + - name: Build code, creating CodeQL database + run: make build + - name: Run CodeQL variant analysis + uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 + - name: Show CodeQL scan SARIF report + if: always() + run: cat ../results/go.sarif + vulnerability-scan: name: Vulnerability Scanning runs-on: ubuntu-latest diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index 82ed56a2..ddd4a57f 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -10,6 +10,26 @@ on: permissions: {} jobs: + variant-analysis: + name: Variant Analysis + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Check out the repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + - name: Initialize CodeQL + uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 + with: + languages: go + - name: Build code, creating CodeQL database + run: make build + - name: Run CodeQL variant analysis + uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 + - name: Show CodeQL scan SARIF report + if: always() + run: cat ../results/go.sarif + vulnerability-scan: name: Vulnerability Scanning if: github.repository_owner == 'submariner-io'