pion / .goassets

Asset files automatically deployed to Go package repositories
https://pion.ly/
MIT License

Add CodeQL based security scanning #86

Closed daenney closed 2 years ago

daenney commented 2 years ago

This launches a CodeQL scan once a week, on Sunday at 05:23 UTC for the latest commit on the default branch. The results of the scan will be available on the repository's Security tab in the Code Scanning alerts. This is only visible to folks that are org or repo admins (not just push, admin), or members of a team in the Pion org with the security manager role.

Sean-Der commented 2 years ago

nice, this is super cool, didn't know about it :)

daenney commented 2 years ago

Now, how to test this... :smile:

daenney commented 2 years ago

So it's up on https://github.com/pion/ci-sandbox/actions/workflows/codeql.yml now, but apparently I can't trigger this by hand. I guess we wait until Sunday?

daenney commented 2 years ago

Ah, apparently I need an on: workflow_dispatch
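As an added example (not the workflow file from this PR or the pion project's own code), here is a minimal GitHub Actions workflow that matches what the PR description and the comment above lay out: a weekly cron at 05:23 UTC on Sunday, which GitHub always runs against the latest commit on the default branch, plus the workflow_dispatch trigger so the job can be started by hand while testing. The action version tags, the languages value and the job name are assumptions.

```yaml
name: CodeQL

on:
  schedule:
    # GitHub evaluates cron in UTC; fields are minute hour day-of-month month day-of-week,
    # so this is Sunday 05:23 UTC. Scheduled runs use the default branch's latest commit.
    - cron: '23 5 * * 0'
  # Lets an admin start a run from the Actions tab (the "Run workflow" button only
  # appears once this file exists on the default branch).
  workflow_dispatch:

# Least privilege for the GITHUB_TOKEN: read the source, write scanning results.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze                      # assumed job name
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3      # assumed version tag

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2   # assumed version tag
        with:
          languages: go                # assumed: pion repositories are Go

      # Builds the Go code so CodeQL can extract a database from it.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      # Runs the queries and uploads SARIF results to the repository's
      # Security tab (Code scanning alerts).
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

The `security-events: write` permission is what allows the analyze step to upload results; without it the scan runs but the alerts never reach the Security tab. Keeping `contents: read` rather than the default write scope means a compromised action in this job cannot push to the repository.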

daenney commented 2 years ago

Alright, so it's visible here now: https://github.com/pion/ci-sandbox/security/code-scanning. The CI job works as expected, but obviously for that repo it doesn't find any issues. I think we're good to tag this now. WDYT @Sean-Der?

You can see the workflow with a manual trigger here: https://github.com/pion/ci-sandbox/actions/workflows/codeql-analysis.yml

daenney commented 2 years ago

An automatic/scheduled run has happened too now: https://github.com/pion/ci-sandbox/actions/runs/2252392230.

Things seem to be working as expected, so I'll go ahead and tag a release.