Conversation

Contributor

Copilot AI commented Nov 25, 2025

Success criteria

  • CodeQL workflow analyzes TypeScript code only
  • GitHub Actions workflows are not scanned by CodeQL
  • ESM build output is analyzed as configured
  • Workflow runs without language configuration errors

How to test

  1. Push changes to main or open a PR to trigger CodeQL workflow
  2. Verify workflow runs successfully with TypeScript language scanner only
  3. Confirm CodeQL results show analysis of dist/webchat.esm.js
  4. Check no Actions language analysis is performed

Security

  • Possible injection vector
  • Authentication/Access controls touched
  • Sensitive Data could be exposed
  • XSS
  • Logging/Monitoring touched
  • Exchanges data with external systems
  • No security implications

Additional considerations

  • This PR might have performance implications

Documentation Considerations

CodeQL now scans TypeScript code from the ESM build output only. Actions workflow files are excluded from scanning per repository requirements.


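For readers who want to see what the description above amounts to in a workflow file, here is an added example of a CodeQL workflow that meets the stated criteria: it enables only the JavaScript/TypeScript extractor (leaving `actions` out of `languages` is what keeps `.github/workflows` out of the scan) and uses an inline CodeQL config to restrict extraction to `dist/webchat.esm.js`. This is illustrative code written for this page, not the workflow merged in this PR; the checkout, Node setup, `npm ci && npm run build` step, the `main` branch name and the `paths-ignore` entries are assumptions about the repository.

```yaml
name: "CodeQL"

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    branches: [main]

permissions:
  contents: read
  security-events: write      # needed to upload SARIF results

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumed build step: the ESM bundle must exist before extraction,
      # otherwise the path filter below matches nothing and the scan is empty.
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci && npm run build

      - uses: github/codeql-action/init@v3
        with:
          # Only the JavaScript/TypeScript extractor. No "actions" entry,
          # so GitHub Actions workflow files are not analysed.
          languages: javascript-typescript
          # Inline config (same format as a config-file): for interpreted
          # languages, "paths" limits which files are extracted.
          config: |
            paths:
              - dist/webchat.esm.js
            paths-ignore:
              - node_modules
              - .github/workflows

      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"
```

Two points worth checking when reviewing a configuration like this: the `paths` filter only narrows what the extractor reads, so if the build step fails or writes the bundle elsewhere the workflow still "passes" with nothing analysed (the "How to test" step that confirms `dist/webchat.esm.js` appears in the results covers exactly this); and scanning bundled output rather than sources means alerts point at bundle line numbers and may include third-party code pulled into the bundle, so triage needs the build's source maps.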

Copilot AI mentioned this pull request Nov 25, 2025

graymalkin77 commented Nov 25, 2025

Snyk checks have passed. No issues have been found so far.

Status  Scanner               Critical  High  Medium  Low  Total (0)
        Open Source Security  0         0     0       0    0 issues
        Licenses              0         0     0       0    0 issues
        Code Security         0         0     0       0    0 issues


Co-authored-by: kwinto <90881+kwinto@users.noreply.github.com>
Contributor Author

Copilot AI commented Nov 25, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • download.cypress.io
    • Triggering command: /usr/local/bin/node node index.js --exec install (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Add CodeQL analysis workflow configuration Configure CodeQL to analyze TypeScript only, remove Actions scanning Nov 25, 2025
Copilot AI requested a review from kwinto November 25, 2025 15:08
@kwinto kwinto marked this pull request as ready for review November 25, 2025 15:51
@kwinto kwinto merged commit 25c6c90 into kwinto-patch-1 Nov 25, 2025
3 checks passed