Closed ashalam closed 4 years ago
hold on, random thought - could you add GH advanced security yaml to this PR to see if it triggers instead of merging this to master?
added codeql, checks pass with the revert
I'm a bit confused, what's the intended ending state of this PR? I thought the revert was so that GH security analysis would catch a security alert - is having the checks pass what we want in this scenario?
We are kicking the tires with CodeQL. I don't have enough info to share on how this would work. This is just the first commit to see how it does what it does and change as necessary. The one difference is this specific serialize is a dependency vs CodeQL and Sonar is for vuln.
Was the original intention of this PR to get this other PR to work:
https://github.com/radarlabs/radar-sdk-js/pull/38
If so we should close this one and do the work in the other PR.