Add CodeQL scanning and security policy #16

Merged
calebfaruki merged 3 commits into main from codeql
Mar 19, 2026

Conversation

@calebfaruki (Owner)

CodeQL's Rust support is minimal, but scanning Actions workflow definitions satisfies the OpenSSF Scorecard SAST check. Runs in parallel with test and audit after lint.
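The job layout the description refers to, as an added example rather than the repository's own workflow file: a CodeQL job that scans the Actions workflow definitions (the `actions` language) and depends on `lint`, so it runs alongside `test` and `audit`. The job names, the cargo commands, the trigger branches and the action versions are assumptions.

```yaml
# Added example; not the project's workflow. Job names and commands assumed.
name: ci
on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo fmt --all --check
      - run: cargo clippy --all-targets -- -D warnings

  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo test --all-targets

  audit:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo install cargo-audit --locked && cargo audit

  codeql:
    needs: lint   # same dependency as test and audit, so the three run in parallel
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read
      security-events: write   # required to upload results to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: actions   # analyses .github/workflows, not the Rust source
      - uses: github/codeql-action/analyze@v3
```

The `codeql` job only reads repository contents and writes security events, so a finding in a workflow file cannot be used by that job to modify the repository.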

calebfaruki and others added 3 commits March 19, 2026 13:48
CodeQL's Rust support is minimal, but scanning Actions workflow
definitions satisfies the OpenSSF Scorecard SAST check. Runs in
parallel with test and audit after lint.
Defines private reporting via GitHub advisories, 48-hour acknowledgment,
90-day fix timeline with coordinated disclosure, and scope aligned to
the project's security invariants. Addresses OpenSSF Scorecard
Security-Policy check.
@calebfaruki calebfaruki changed the title Add CodeQL scanning for GitHub Actions workflows Add CodeQL scanning and security policy Mar 19, 2026
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@calebfaruki calebfaruki merged commit fa97523 into main Mar 19, 2026
5 checks passed
@calebfaruki calebfaruki deleted the codeql branch March 19, 2026 13:08