pez-globo / pufferfish-software

All software for the Pufferfish ventilator.
Apache License 2.0

Add CodeQL security analysis #358

Closed ethanjli closed 3 years ago

ethanjli commented 3 years ago

This PR adds a CodeQL GitHub Actions workflow to scan for security vulnerabilities and code quality issues. Results are reported in https://github.com/pez-globo/pufferfish-software/security/code-scanning. To see the alerts identified in this branch, see https://github.com/pez-globo/pufferfish-software/security/code-scanning?page=1&query=ref%3Arefs%2Fpull%2F358%2Fmerge+tool%3ACodeQL. Right now it looks like alerts do not block PR merging, so we can start by using it purely in an advisory role. @renjipanicker If it looks good, please add your approval and we'll merge this in; otherwise, we can make changes as needed or close this PR without merging. One caveat is that these CodeQL scanning actions take 2 min to run, so it does noticeably increase the time needed to finish running all checks.
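For readers who have not set one up, here is an illustration of the shape of a CodeQL workflow of the kind this PR describes, written for this page as an added example; it is not the PR's own `.github/workflows` file. The branch name `develop` and the language list are assumptions and would need to match the repository.

```yaml
# Added illustration, not the PR's workflow. Branch name and languages are assumptions.
name: CodeQL

on:
  push:
    branches: [develop]
  pull_request:
    branches: [develop]
  schedule:
    - cron: '0 6 * * 1'   # weekly scan of the branch, independent of PR activity

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # required to upload SARIF results to code scanning

    strategy:
      fail-fast: false         # one language failing should not cancel the others
      matrix:
        language: ['cpp', 'javascript', 'python']   # assumption: adjust to the repo

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality   # security plus code-quality query suite

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2   # compiled languages need a build for CodeQL to trace

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"
```

Alerts show up under the repository's Security → Code scanning tab; the workflow only blocks merging if its check is made a required status check in branch protection, so as written it stays advisory, matching the role described in the PR.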