Skip to content

Latest commit

 

History

History
56 lines (47 loc) · 1.96 KB

codeql-analysis.md

File metadata and controls

56 lines (47 loc) · 1.96 KB

codeql-analysis.yml

This workflow will checkout the code and then run a CodeQL analysis against the specified languages. See the CodeQL docs for the complete list of supported languages.

Important

When calling this reusable workflow, the permissions must be set as follows:

permissions:
  actions: read
  contents: read
  security-events: write

Note

This workflow uses the following GitHub Actions:

See the Workflow file for the currently used versions of each GitHub Action.

Tip

See the Workflow file for implementation details.

Inputs

Input variable Necessity Description Default
languages-array required A valid JSON array of languages to analyze.
codeql-queries optional A comma-separate list of CodeQL query sets to use. security-extended,security-and-quality

Example

name: CodeQL
on:
  push:
    branches: [main]
jobs:
  analyze:
    uses: tektronix/python-package-ci-cd/.github/workflows/[email protected]
    with:
      languages-array: '["python", "javascript"]'
      codeql-queries: security-extended,security-and-quality
    permissions:
      actions: read
      contents: read
      security-events: write