Merge pull request #3229 from cdr/jsjoeio/add-code-scanning
feat(security): add code-scanning with CodeQL
This commit is contained in:
commit
9f7ceef806
4
.github/codeql-config.yml
vendored
Normal file
4
.github/codeql-config.yml
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
name: "code-server CodeQL config"
|
||||
|
||||
paths-ignore:
|
||||
- lib/vscode
|
1
.github/dependabot.yml
vendored
1
.github/dependabot.yml
vendored
@ -9,6 +9,7 @@ updates:
|
||||
# GitHub always delivers the latest versions for each major
|
||||
# release tag, so handle updates manually
|
||||
- dependency-name: "actions/*"
|
||||
- dependency-name: "github/codeql-action/*"
|
||||
|
||||
- package-ecosystem: "npm"
|
||||
directory: "/"
|
||||
|
33
.github/workflows/codeql-analysis.yml
vendored
Normal file
33
.github/workflows/codeql-analysis.yml
vendored
Normal file
@ -0,0 +1,33 @@
|
||||
name: "Code Scanning"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [main]
|
||||
schedule:
|
||||
# Runs every Monday morning PST
|
||||
- cron: "17 15 * * 1"
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v1
|
||||
with:
|
||||
config-file: ./.github/codeql-config.yml
|
||||
languages: javascript
|
||||
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v1
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v1
|
Reference in New Issue
Block a user