binaryedge / 40fy

Features and development of the 40fy SaaS

Updated Coalition AppSec Security Workflow (RUN-001) #28

Closed anthturner closed 2 years ago

anthturner commented 2 years ago

This PR adds support for a centralized security workflow which runs on changes to master, main, and/or dev. This helps to track this repository’s security posture, and integrates into Coalition’s centralized security dashboard.

This workflow will run in parallel to any builds and will not block releases or development, even if an error occurs.

This workflow centralizes the execution of CodeQL to minimize future impact to engineering teams when keeping rules up to date.

The AppSec team will be responsible for maintaining this workflow if there are any security issues in the future. If there are questions, please reach out to the team in our Slack channel, #help-appsec.

More information can be found in Confluence at https://fiasco.atlassian.net/wiki/spaces/ENG/pages/2876080164/Static+Analysis+Tooling+Integration

anthturner commented 2 years ago

Done in error.