This workflow will check out the code and then run a CodeQL analysis against the specified languages. See the CodeQL docs for the complete list of supported languages.
Important
When calling this reusable workflow, the permissions must be set as follows:

```yaml
permissions:
  actions: read
  contents: read
  security-events: write
```

Note
This workflow uses the following GitHub Actions:
See the Workflow file for the currently used versions of each GitHub Action.
Tip
See the Workflow file for implementation details.

| Input variable | Necessity | Description | Default |
|---|---|---|---|
| `languages-array` | required | A valid JSON array of languages to analyze. | |
| `codeql-queries` | optional | A comma-separated list of CodeQL query sets to use. | `security-extended,security-and-quality` |

```yaml
name: CodeQL
on:
  push:
    branches: [main]
jobs:
  analyze:
    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-codeql-analysis.yml@v0.0.1
    with:
      languages-array: '["python", "javascript"]'
      codeql-queries: security-extended,security-and-quality
    permissions:
      actions: read
      contents: read
      security-events: write
```
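
A pre-flight check for a caller job, as an added example that is not part of this project's code: it verifies the permissions block and the `languages-array` input described above. The function name `check_caller_job` and the sample jobs are assumptions made for illustration, the job is assumed to be already parsed from YAML into a dict, and treating any extra scope as a finding is this example's strict reading of the required permissions.

```python
import json

# Permissions the page says a caller must grant to the reusable workflow.
REQUIRED_PERMISSIONS = {
    "actions": "read",
    "contents": "read",
    "security-events": "write",
}


def check_caller_job(job):
    """Return a list of findings for one caller job (a dict parsed from YAML)."""
    findings = []
    perms = job.get("permissions")
    if not isinstance(perms, dict):
        # Covers a missing block and shorthands such as "write-all".
        findings.append("permissions: must be a mapping with the three required scopes")
        perms = {}
    for scope, level in REQUIRED_PERMISSIONS.items():
        if perms.get(scope) != level:
            findings.append(f"permissions: {scope} must be '{level}', got {perms.get(scope)!r}")
    for scope in sorted(set(perms) - set(REQUIRED_PERMISSIONS)):
        findings.append(f"permissions: unexpected extra scope '{scope}'")
    raw = (job.get("with") or {}).get("languages-array")
    if not isinstance(raw, str):
        # A bare YAML list ([python]) parses to a list, not the JSON string the input expects.
        findings.append("languages-array: must be a quoted JSON string")
    else:
        try:
            langs = json.loads(raw)
        except json.JSONDecodeError as exc:
            findings.append(f"languages-array: not valid JSON ({exc.msg})")
        else:
            if not (isinstance(langs, list) and langs
                    and all(isinstance(x, str) and x for x in langs)):
                findings.append("languages-array: must be a non-empty JSON array of strings")
    return findings


# Constructed sample jobs, shaped like the page's example after YAML parsing.
GOOD_JOB = {
    "with": {"languages-array": '["python", "javascript"]'},
    "permissions": dict(REQUIRED_PERMISSIONS),
}
BAD_JOB = {
    "with": {"languages-array": ["python"]},
    "permissions": {"contents": "write", "security-events": "write", "packages": "write"},
}
```

An empty list from `check_caller_job` means the job matches the documented call; each string in a non-empty list names the key to fix.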