Archived
1
0

Merge pull request #3229 from cdr/jsjoeio/add-code-scanning

feat(security): add code-scanning with CodeQL
This commit is contained in:
repo-ranger[bot] 2021-04-27 22:55:30 +00:00 committed by GitHub
commit 9f7ceef806
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 0 deletions

4
.github/codeql-config.yml vendored Normal file
View File

@ -0,0 +1,4 @@
name: "code-server CodeQL config"
paths-ignore:
- lib/vscode

View File

@ -9,6 +9,7 @@ updates:
# GitHub always delivers the latest versions for each major # GitHub always delivers the latest versions for each major
# release tag, so handle updates manually # release tag, so handle updates manually
- dependency-name: "actions/*" - dependency-name: "actions/*"
- dependency-name: "github/codeql-action/*"
- package-ecosystem: "npm" - package-ecosystem: "npm"
directory: "/" directory: "/"

33
.github/workflows/codeql-analysis.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: "Code Scanning"
on:
push:
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
schedule:
# Runs every Monday morning PST
- cron: "17 15 * * 1"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
config-file: ./.github/codeql-config.yml
languages: javascript
- name: Autobuild
uses: github/codeql-action/autobuild@v1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1