Add CodeQL config #4311

Open: wants to merge 2 commits into base: master

Conversation

kanwalpreetd

Description

Added GitHub workflow for running security code scans through CodeQL.

The scan results will be visible under the Security tab, once a scan is complete.

I am thinking we could run the analysis job periodically (once every Sunday) on master, but can also provide the ability to be triggered manually (as per current config). It takes around 3-4 hours to run since CodeQL needs a fresh build to perform the analysis.

The scan as per current config will be performed on 4 builds with gcc and clang for current and next protocol versions. This PR won't run the scan until merged (since workflow config specifies it can only run on master once merged), but a preview of the scan job can be seen here in a fork.

Checklist

  • Reviewed the contributing document
  • Rebased on top of master (no merge commits)
  • Ran clang-format v8.0.0 (via make format or the Visual Studio extension)
  • Compiles
  • Ran all tests
  • If change impacts performance, include supporting evidence per the performance document
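The workflow shape the description outlines, as an added example that is not the PR's own file: a Sunday schedule plus manual trigger, restricted to master, a 2x2 matrix of gcc/clang against current/next protocol versions, and a distinct CodeQL result category per matrix cell so the four uploads do not overwrite each other under the Security tab. The build commands and the `PROTOCOL_VERSION` variable are assumptions standing in for the project's real build.

```yaml
# Added example workflow (not the PR's own file). Assumptions: the build is
# driven by ./configure and make, and the build script selects the protocol
# version from the PROTOCOL_VERSION variable; substitute the project's commands.
name: CodeQL

on:
  push:
    branches: [master]
  schedule:
    - cron: '0 3 * * 0'      # every Sunday, 03:00 UTC
  workflow_dispatch:          # allow manual runs from the Actions tab

permissions:
  contents: read
  security-events: write      # required to upload SARIF to the Security tab

jobs:
  analyze:
    runs-on: ubuntu-latest
    timeout-minutes: 300      # a fresh build plus analysis can take hours
    strategy:
      fail-fast: false        # let the other three builds finish if one fails
      matrix:
        compiler: [gcc, clang]
        protocol: [current, next]
    env:
      CC: ${{ matrix.compiler == 'clang' && 'clang' || 'gcc' }}
      CXX: ${{ matrix.compiler == 'clang' && 'clang++' || 'g++' }}
      PROTOCOL_VERSION: ${{ matrix.protocol }}   # assumed to be read by the build
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - uses: github/codeql-action/init@v3
        with:
          languages: cpp
      # Manual build between init and analyze so CodeQL traces the compiler
      # invocations; autobuild is deliberately not used.
      - name: Build
        run: |
          ./configure
          make -j"$(nproc)"
      - uses: github/codeql-action/analyze@v3
        with:
          # One category per matrix cell, otherwise each upload replaces the
          # previous one and only the last of the four builds is visible.
          category: "/compiler:${{ matrix.compiler }}/protocol:${{ matrix.protocol }}"
```

Because the `push` trigger is limited to master, the job will not run on the PR branch itself, matching the description; `workflow_dispatch` only appears in the Actions tab once the file exists on the default branch.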
