🧛Spike: CodeQL Custom Queries

[tamsinforbes]

User Need

As an Operations Engineer I want to explore the various code quality methods available in CodeQL so that I am able to optimise use of this the resources for our benefit.

Value We currently use CodeQL in a basic set up to run code security scanning. There are other metrics available within CodeQL that we could write custom queries for to pull various other metrics and add these to our KPI Dashboard fro instance.

Functional Requirements (What):

• [ ] Play with CodeQL custom queries, locally via VSCode extension
• [ ] POC for workflow on ministryofjustice-test test repo to run CodeQL custom query to demonstrate collection of other metrics on a repo.

Non-Functional Requirements (How):

• [ ] Liaise with GitHub to get help writing custom CodelQL queries

Acceptance Criteria:

• [ ] Documented findings and able to provide recommendations as to further use of CodeQL.

Notes:

[tamsinforbes]

Blocked while on holiday 🌴

[tamsinforbes]

Duplicate of 🔍 Investigate CodeQL metrics #4752 which is properly linked to the EPIC