-
Context: https://github.com/google/brotli/security/code-scanning/4
Quick view on actions panel reveals that report is not true: https://github.com/google/brotli/actions/workflows/codeql.yml?query=bra…
-
**Is your feature request related to a problem? Please describe.**
As part of the OpenSSF badge, static code checking should be fully covered. While `govulncheck` is already present, more is needed…
-
The [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) repo currently omits running the CodeQL action on commits that are documentation or yaml only as the CodeQL action …
-
As Carola Lilienthal pointed out, "Security Analysis" is currently missing from the ANALYZE phase.
Will include that as a reminder (and will start with the topic-map diagram)
-
From our Slack channel:
> Just for giggles I ran our SAST on WebGoat and it found some vulnerabilities (yeah, shocking, I know) But it occurred to me I don't know if it found *all* the vulnerabilit…
-
Provide Jenkins pipelines for the first two selected use cases:
- WorSiCa: https://github.com/WorSiCa
- CESSDA: https://bitbucket.org/account/user/cessda/projects/CDC
### Milestones
- [DAST …
orviz updated
3 years ago
-
**Is your feature request related to a problem? Please describe.**
Dart and Flutter already use clang tidy to run several checks and perform static analysis and we would like to integrate their resul…
-
Seems like this effort is very similar to: https://github.com/sarif-standard
Static Analysis Results Interchange Format (SARIF) - A proposed standard for the output format of static analysis tools.…
-
## **Goal**:
Test the suitability of GitHub CodeQL as Mojaloop's static application security testing (SAST) tool.
Static application security testing (SAST), or static analysis, is a testing meth…
-
Hello,
I am reviewing python SAST tools for GitHub.
This action no longer seems to work in its current version.
Please note that this tool is however still [shown/advertised](https://gith…