Merge pull request #285 from marcransome/update-codeql-workflow

Add CodeQL analysis job for GitHub Actions
marcransome · Jan 11, 2025 · 94d9b56 · 94d9b56
2 parents 6f00530 + c095c29
commit 94d9b56
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -39,3 +39,23 @@ jobs:
           cmake --build build
       - name: Perform CodeQL analysis
         uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+  analyze-actions:
+    name: CodeQL GitHub Actions analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Harden runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        with:
+          languages: actions
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        with:
+          category: "/language:actions"