Investigate CodeQL

[tschaffter]

Increase the robustness of angular apps.

References:

• https://github.com/Sage-Bionetworks/Synapse-React-Client/blob/develop/.github/workflows/codeql.yml

[tschaffter]

The concept of CodeQL is to build a special database from the code of an application, then scan the code by running CodeQL queries that scan the database. There are public repositories of CodeQL queries (.ql) that can be pulled and run on the database generated from your source code.

• A short video introduction to CodeQL

• GitHub documentation on how to enable code scanning with CodeQL

  • Supported languages:

  C/C++ C# Go Java JavaScript/TypeScript Python

• There is a CodeQL extension for VS Code that can be used to support the implementation of .ql files