From f3e716c89d1208f97eccac85c14bc2e104699863 Mon Sep 17 00:00:00 2001 From: "Y. Meyer-Norwood" <106889957+norwd@users.noreply.github.com> Date: Tue, 26 Nov 2024 14:02:19 +1300 Subject: [PATCH] Create codeql.yml --- .github/workflows/codeql.yml | 73 ++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..33fce70 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,73 @@ +--- + +name: "CodeQL Advanced" +run-name: "CodeQL Advanced" + +on: + push: + branches: + - 'main' + + pull_request: + branches: + - 'main' + + schedule: + - cron: '35 18 * * 0' + - cron: '17 22 * * 5' + +jobs: + analyze: + name: "Analyze (${{ matrix.language }})" + runs-on: ubuntu-latest + + permissions: + security-events: write + packages: read + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + language: + - 'javascript-typescript' + + steps: + - name: "Checkout" + uses: actions/checkout@v4 + + - name: "Initialize CodeQL" + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: "Perform CodeQL Analysis" + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{ matrix.language }}" + + dependency-scan: + name: Dependency Scan + runs-on: ubuntu-latest + steps: + - name: "Checkout repository" + uses: actions/checkout@v4 + + - name: "Scan for dependencies" + uses: github/dependabot-action@v2 + with: + sub-directory: "/" + open-pull-requests-limit: 5 + package-ecosystem: "github-actions" + directory: "/" + + secret-scan: + name: "Secret Scan" + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: actions/checkout@v4 + + - name: "Scan for secrets" + uses: github/secret-scanning@v2