introduce CodeQL to enable SAST scanning

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: temenuzhka-thede <temenuzhka.thede@docker.com>
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
temenuzhka-thede 2023-10-24 11:19:58 +02:00 committed by CrazyMax
parent b4bedf8053
commit b96c2c0282
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7

47
.github/workflows/codeql.yml vendored Normal file
View File

@ -0,0 +1,47 @@
name: codeql
on:
push:
branches:
- 'master'
- 'releases/v*'
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'
pull_request:
paths:
- '.github/workflows/codeql.yml'
- 'dist/**'
- 'src/**'
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language:
- javascript-typescript
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
-
name: Autobuild
uses: github/codeql-action/autobuild@v2
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"