From 58fc65de716bc12d9b211eea23637d08609c07f1 Mon Sep 17 00:00:00 2001 From: or-akeyless <147986571+or-akeyless@users.noreply.github.com> Date: Mon, 12 Feb 2024 14:57:19 +0200 Subject: [PATCH 1/2] Create codeql.yml --- .github/workflows/codeql.yml | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..fa6957f --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,42 @@ +name: "CodeQL" + +on: + push: + branches: [ "or-appsec" ] + pull_request: + branches: [ "or-appsec" ] + schedule: + - cron: '0 17 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} + permissions: + # required for all workflows + security-events: write + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + language: [ 'javascript-typescript' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From fe7f66f8136ed24452d239129d8044d29167af59 Mon Sep 17 00:00:00 2001 From: or-akeyless <147986571+or-akeyless@users.noreply.github.com> Date: Mon, 12 Feb 2024 15:00:57 +0200 Subject: [PATCH 2/2] Update codeql.yml --- .github/workflows/codeql.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fa6957f..87cba06 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL" on: push: - branches: [ "or-appsec" ] + branches: [ "main" ] pull_request: - branches: [ "or-appsec" ] + branches: [ "main" ] schedule: - cron: '0 17 * * 0' @@ -14,10 +14,7 @@ jobs: runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} permissions: - # required for all workflows security-events: write - - # only required for workflows in private repositories actions: read contents: read