Merge pull request #3229 from cdr/jsjoeio/add-code-scanning
feat(security): add code-scanning with CodeQL
This commit is contained in:
commit
9f7ceef806
4
.github/codeql-config.yml
vendored
Normal file
4
.github/codeql-config.yml
vendored
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
name: "code-server CodeQL config"
|
||||||
|
|
||||||
|
paths-ignore:
|
||||||
|
- lib/vscode
|
1
.github/dependabot.yml
vendored
1
.github/dependabot.yml
vendored
@ -9,6 +9,7 @@ updates:
|
|||||||
# GitHub always delivers the latest versions for each major
|
# GitHub always delivers the latest versions for each major
|
||||||
# release tag, so handle updates manually
|
# release tag, so handle updates manually
|
||||||
- dependency-name: "actions/*"
|
- dependency-name: "actions/*"
|
||||||
|
- dependency-name: "github/codeql-action/*"
|
||||||
|
|
||||||
- package-ecosystem: "npm"
|
- package-ecosystem: "npm"
|
||||||
directory: "/"
|
directory: "/"
|
||||||
|
33
.github/workflows/codeql-analysis.yml
vendored
Normal file
33
.github/workflows/codeql-analysis.yml
vendored
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
name: "Code Scanning"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
pull_request:
|
||||||
|
# The branches below must be a subset of the branches above
|
||||||
|
branches: [main]
|
||||||
|
schedule:
|
||||||
|
# Runs every Monday morning PST
|
||||||
|
- cron: "17 15 * * 1"
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
analyze:
|
||||||
|
name: Analyze
|
||||||
|
runs-on: ubuntu-20.04
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
# Initializes the CodeQL tools for scanning.
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v1
|
||||||
|
with:
|
||||||
|
config-file: ./.github/codeql-config.yml
|
||||||
|
languages: javascript
|
||||||
|
|
||||||
|
- name: Autobuild
|
||||||
|
uses: github/codeql-action/autobuild@v1
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v1
|
Reference in New Issue
Block a user