Closed davidmrdavid closed 4 months ago
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
As part of our 1ES migration, we need to add "CodeQL" (Code Query Language?) checks to our repos. This CodeQL service effectively checks against CVEs and other compliance requirements using static analysis of our source code. This needs to run in two places:
(1) Directly in the GitHub repo
(2) In our 1ES code-mirror
It needs to run in these two places because CodeQL doesn't realize our 1ES ADO repo is a clone of the GitHub repo. Additionally, CodeQL needs to run at least weekly.
To tackle these requirements, this PR does the following:
(1) Adds a GitHub action that runs CodeQL checks directly in GitHub. This runs weekly.
(2) Makes our 1ES Official pipeline, which automatically injects CodeQL checks, run weekly.
That's all.
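For illustration, here is an added example (not the workflow file from this PR or this repository) of a GitHub Actions workflow that runs CodeQL on pushes, pull requests and a weekly schedule, as described above; the default branch name, the cron slot and the language list are assumptions to be replaced with the repository's real values.

```yaml
# Added example, not the PR's own file: CodeQL on push, pull request and a weekly cron.
name: "CodeQL"

on:
  push:
    branches: [ "main" ]          # assumed default branch name
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "0 6 * * 1"           # weekly: Mondays 06:00 UTC (assumed slot)

permissions:
  contents: read                  # least-privilege default for the workflow

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read               # read workflow metadata
      contents: read              # check out the source
      security-events: write      # upload SARIF results to the Security tab

    strategy:
      fail-fast: false
      matrix:
        # Assumed language set; replace with the languages CodeQL should scan in this repo.
        language: [ "javascript-typescript" ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Optional: run the broader built-in security query suite.
          queries: security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

The `schedule` trigger satisfies the at-least-weekly requirement even when no commits land, while `pull_request` keeps new PRs annotated with findings.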