chore: Add CodeQL workflow #1876
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
@SethFalco Can you look at this please? |
|
Thanks for proposing this. I just had to find time to look into CodeQL, surrounding tools, and what kind of problems will be flagged. I was also wary since unless we write our own queries, it does look like a bit of a black box. (i.e. with the CLI and generic databases, every way to consume the results in a meaningful way seems to involve uploading to GitHub servers) Overall, this makes sense though and the results reported on this branch are worth acting on. Thanks for proposing this. Soon I'll evaluate the config/workflow and merge it in! 👍🏽 |
Feel free to adapt the triggers/schedule. This should help catch security issues like ReDoS. You can also opt to scan only for security issues; I went with
security-and-qualitysince that's what I use myself.