Skip to content

Commit 15ca9ab

Browse files
ci: add CodeQL analysis for Python and GitHub Actions (#1053)
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
1 parent 1e2d7d8 commit 15ca9ab

2 files changed

Lines changed: 51 additions & 0 deletions

File tree

.github/codeql/codeql-config.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
name: "CodeQL Config"
2+
3+
# Run the extended "security-and-quality" query suite (a superset of the
4+
# default security queries) for every analyzed language.
5+
queries:
6+
- uses: security-and-quality
Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
name: "CodeQL Vulnerability Checks"
2+
3+
on:
4+
push:
5+
branches: [main]
6+
pull_request:
7+
branches: [main]
8+
schedule:
9+
- cron: "0 6 * * 1"
10+
11+
concurrency:
12+
group: ${{ github.workflow }}-${{ github.ref }}
13+
cancel-in-progress: true
14+
15+
jobs:
16+
analyze:
17+
name: Analyze
18+
runs-on: ubuntu-latest
19+
timeout-minutes: 30
20+
permissions:
21+
security-events: write
22+
contents: read
23+
actions: read
24+
strategy:
25+
fail-fast: false
26+
matrix:
27+
language:
28+
- python
29+
- actions
30+
steps:
31+
- name: Checkout repository
32+
uses: actions/checkout@v7
33+
with:
34+
persist-credentials: false
35+
36+
- name: Initialize CodeQL
37+
uses: github/codeql-action/init@v4
38+
with:
39+
languages: ${{ matrix.language }}
40+
config-file: ./.github/codeql/codeql-config.yml
41+
42+
- name: Perform CodeQL Analysis
43+
uses: github/codeql-action/analyze@v4
44+
with:
45+
category: "/language:${{ matrix.language }}"

0 commit comments

Comments
 (0)