microsoft/hve-core
Publicmirrored from https://github.com/microsoft/hve-coreAvailable
.github/workflows/codeql-analysis.yml
54lines · modecode
| 1 | name: CodeQL Security Analysis |
| 2 | |
| 3 | on: |
| 4 | schedule: |
| 5 | # Weekly scan: Sundays at 4 AM UTC |
| 6 | - cron: '0 4 * * 0' |
| 7 | workflow_call: |
| 8 | |
| 9 | permissions: |
| 10 | contents: read |
| 11 | security-events: write |
| 12 | |
| 13 | jobs: |
| 14 | analyze: |
| 15 | name: CodeQL Analysis |
| 16 | runs-on: ubuntu-latest |
| 17 | permissions: |
| 18 | contents: read |
| 19 | security-events: write |
| 20 | actions: read |
| 21 | |
| 22 | strategy: |
| 23 | fail-fast: false |
| 24 | matrix: |
| 25 | language: [ 'javascript' ] |
| 26 | |
| 27 | steps: |
| 28 | - name: Checkout repository |
| 29 | uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.2.2 |
| 30 | with: |
| 31 | persist-credentials: false |
| 32 | |
| 33 | - name: Initialize CodeQL |
| 34 | uses: github/codeql-action/init@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0 |
| 35 | with: |
| 36 | languages: ${{ matrix.language }} |
| 37 | queries: security-extended,security-and-quality |
| 38 | |
| 39 | - name: Autobuild |
| 40 | uses: github/codeql-action/autobuild@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0 |
| 41 | |
| 42 | - name: Perform CodeQL Analysis |
| 43 | uses: github/codeql-action/analyze@ce729e4d353d580e6cacd6a8cf2921b72e5e310a # v3.27.0 |
| 44 | with: |
| 45 | category: "/language:${{ matrix.language }}" |
| 46 | |
| 47 | - name: Add job summary |
| 48 | if: always() |
| 49 | run: | |
| 50 | echo "## CodeQL Security Analysis Complete" >> $GITHUB_STEP_SUMMARY |
| 51 | echo "**Language:** ${{ matrix.language }}" >> $GITHUB_STEP_SUMMARY |
| 52 | echo "**Queries:** security-extended, security-and-quality" >> $GITHUB_STEP_SUMMARY |
| 53 | echo "" >> $GITHUB_STEP_SUMMARY |
| 54 | echo "📊 View results in the Security tab under Code Scanning" >> $GITHUB_STEP_SUMMARY |
| 55 | |