Skip to content

Sigspm 11700 add codeql #1

Sigspm 11700 add codeql

Sigspm 11700 add codeql #1

Workflow file for this run

name: 'CodeQL'
on:
push:
branches: ['master']
pull_request:
# The branches below must be a subset of the branches above
branches: ['master']
schedule:
- cron: '30 12 * * 5'
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
name: Analyze
runs-on: 'ubuntu-latest'
strategy:
fail-fast: false
matrix:
language: ['javascript']
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: signavio/codeql-action/init@v2
with:
queries: security-extended
# run an 'alert-suppression' query
packs: 'codeql/${{ matrix.language }}-queries:AlertSuppression.ql'
languages: ${{ matrix.language }}
- name: auto-build
uses: signavio/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
id: analyze
uses: signavio/codeql-action/analyze@v2
with:
category: '/language:${{matrix.language}}'
output: sarif-results
- name: Dismiss alerts
if: github.ref == 'refs/heads/main'
uses: advanced-security/dismiss-alerts@v1
with:
sarif-id: ${{ steps.analyze.outputs.sarif-id }}
sarif-file: sarif-results/${{ matrix.language }}.sarif
env:
GITHUB_TOKEN: ${{ github.token }}