NASA-PDS / software-issues-repo

Issue tracking repository as a centralized entry point for general PDS software bugs and feature requests.
Apache License 2.0

Update CodeQL to include more rigorous security scans and reporting #42

Closed jordanpadams closed 1 year ago

jordanpadams commented 1 year ago

💡 Description

The following needs to be updated on all repos:

  1. Enable security analysis

    • You want to modify the queries that are being run by CodeQL by updating the default set of queries that are run.
    • Add the following line to codeql-analysis.yml on line 47 under the “with:” tag
    • queries: +security-extended
  2. Generate output csv

    • This part is a little hacky, but if you add the following to your codeql-analysis.yml it will append a zip to each workflow run that contains the CodeQL SARIF output and the csv format that Mike is expecting.

```yaml
# Steps appended after the CodeQL analyze step. The results directory below
# is the one for the pds-view repo (CodeQL's default SARIF output is
# ../results relative to the checkout); adjust the repo name on other repos.
- run: |
    pip install nasa-scrub
    python3 -m scrub.tools.parsers.translate_results /home/runner/work/pds-view/results/*.sarif /home/runner/work/pds-view/results/codeql.scrub ${{ github.workspace }} scrub
    python3 -m scrub.tools.parsers.csv_parser /home/runner/work/pds-view/results
    rm -rf /home/runner/work/pds-view/results/*.scrub

- name: Upload CodeQL Artifacts
  uses: actions/upload-artifact@v3
  with:
    name: codeql-artifacts
    path: /home/runner/work/pds-view/results/*
```
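A complete codeql-analysis.yml showing where both changes from the comment above land, as an added example that is not from the issue or from any PDS repository. Assumptions: the repo's language is `python`; the SARIF directory is pinned with the analyze step's `output` input under `runner.temp` instead of the repo-specific `/home/runner/work/pds-view/results` path, so the same file works on every repo; the `nasa-scrub` commands are copied from the comment unchanged, since their CSV output is whatever that tool emits.

```yaml
# Added example: full workflow combining "queries: +security-extended" with
# the SARIF-to-CSV artifact steps. Not code from the issue or any PDS repo.
name: CodeQL

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '17 4 * * 1'   # weekly re-scan so newly added queries hit unchanged code

permissions:
  contents: read
  security-events: write   # needed for the analyze step to upload SARIF to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: python          # assumption: adjust per repo
          # Step 1 from the issue. The leading "+" ADDS the suite to the
          # default query set; without it the default queries are replaced.
          queries: +security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          # Write SARIF to a known, repo-independent directory instead of the
          # default ../results (which is what the hard-coded pds-view path was).
          output: ${{ runner.temp }}/codeql-results

      # Step 2 from the issue: translate SARIF to the CSV that nasa-scrub produces.
      - name: Convert CodeQL SARIF to CSV
        run: |
          pip install nasa-scrub
          python3 -m scrub.tools.parsers.translate_results "$RUNNER_TEMP"/codeql-results/*.sarif "$RUNNER_TEMP"/codeql-results/codeql.scrub "${{ github.workspace }}" scrub
          python3 -m scrub.tools.parsers.csv_parser "$RUNNER_TEMP"/codeql-results
          rm -f "$RUNNER_TEMP"/codeql-results/*.scrub

      - name: Upload CodeQL Artifacts
        uses: actions/upload-artifact@v3
        with:
          name: codeql-artifacts
          path: ${{ runner.temp }}/codeql-results/*
```

Two things to check after rolling this out: `security-extended` deliberately includes lower-precision queries, so expect more findings (and more false positives) than the default suite and triage them in the Security tab rather than disabling the suite; and the uploaded artifact contains the raw SARIF, which lists file paths and code snippets of suspected weaknesses, so keep the artifact retention short on repos that are not meant to expose that detail.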
jordanpadams commented 1 year ago

Closing this out as complete since it has been added to most repos