More rigorous static analysis is already a gating factor on pull request build success. Add CodeQL as an additional (currently unenforced) step in the pull request build so results can be assessed before changes are delivered instead of as a scheduled workflow on committed changes.
More rigorous static analysis is already a gating factor on pull request build success. Add CodeQL as an additional (currently unenforced) step in the pull request build so results can be assessed before changes are delivered instead of as a scheduled workflow on committed changes.