Enable automated code checks with codeql.yml - Githubissues

Mastercard / pkcs11-tools

A set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 library, including major HSM brands, NSS and softoken.

Other

142 stars 29 forks source link

Enable automated code checks with codeql.yml #40

Closed gl-mc closed 10 months ago

gl-mc commented 11 months ago

Enable GitHub CodeQL code scanning for vulnerabilities and best practices.
Debug GitHub Actions automated build script, so it runs as expected and also allows manual build triggers for debugging purposes.

CodeQL only finds DES as deprecated cryptographic algorithm (full analysis results: https://github.com/Mastercard/pkcs11-tools/security/code-scanning?query=pr%3A40+is%3Aopen)

Automated build process is against OpenSSL 3.0, which creates a number of warnings - see output here: https://github.com/Mastercard/pkcs11-tools/actions/runs/5780121989/job/15663357053?pr=40#step:8:107

github-advanced-security[bot] commented 11 months ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.