microsoft/hve-core

Public

mirrored from https://github.com/microsoft/hve-coreAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
6329fc0d14af6f09dd31e4d2dc90586a620ee42e

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

.github/workflows/codeql-analysis.yml

54lines · modecode

1name: CodeQL Security Analysis
2
3on:
4 schedule:
5 # Weekly scan: Sundays at 4 AM UTC
6 - cron: '0 4 * * 0'
7 workflow_call:
8
9permissions:
10 contents: read
11 security-events: write
12
13jobs:
14 analyze:
15 name: CodeQL Analysis
16 runs-on: ubuntu-latest
17 permissions:
18 contents: read
19 security-events: write
20 actions: read
21
22 strategy:
23 fail-fast: false
24 matrix:
25 language: [ 'javascript' ]
26
27 steps:
28 - name: Checkout repository
29 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.2.2
30 with:
31 persist-credentials: false
32
33 - name: Initialize CodeQL
34 uses: github/codeql-action/init@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
35 with:
36 languages: ${{ matrix.language }}
37 queries: security-extended,security-and-quality
38
39 - name: Autobuild
40 uses: github/codeql-action/autobuild@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
41
42 - name: Perform CodeQL Analysis
43 uses: github/codeql-action/analyze@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0
44 with:
45 category: "/language:${{ matrix.language }}"
46
47 - name: Add job summary
48 if: always()
49 run: |
50 echo "## CodeQL Security Analysis Complete" >> $GITHUB_STEP_SUMMARY
51 echo "**Language:** ${{ matrix.language }}" >> $GITHUB_STEP_SUMMARY
52 echo "**Queries:** security-extended, security-and-quality" >> $GITHUB_STEP_SUMMARY
53 echo "" >> $GITHUB_STEP_SUMMARY
54 echo "📊 View results in the Security tab under Code Scanning" >> $GITHUB_STEP_SUMMARY
55