DiamondLightSource / python-copier-template

Diamond's opinionated copier template for pure Python projects managed by pip
Apache License 2.0

Add support for CodeQL and Sonarcloud for enhanced repo security #180

Open stan-dot opened 1 month ago

stan-dot commented 1 month ago

https://github.com/apps/sonarcloud

https://codeql.github.com/

See the repo for reference: https://github.com/DiamondLightSource/i18-bluesky/pull/20

There is a DLS precedent for the use of CodeQL in the python-murfey repo.

UPDATE: this has also been tested in the i18-bluesky repository.

coretl commented 3 weeks ago

Before working on a PR to put this into copier, please try it for a reasonable period in other repos, then report back if it gives any useful results. My experience with these tools is that they make more noise than useful alerts, so I'd like to see if they have improved.

stan-dot commented 3 weeks ago

That's very reasonable.

Arguably this should be an existing repo, not a new one.

@coretl, @callumforrester do you have a repo candidate? Maybe blueapi?

DiamondJoseph commented 3 weeks ago

It would be nice to prove we have it configured right on i22-bluesky, since right now the security tab isn't really giving much information.

callumforrester commented 3 weeks ago

Yep, happy to see this added to blueapi.

stan-dot commented 3 weeks ago

Will revisit this once those repos are tested for 3 months; setting this for 19.11.2024.