ci: Explicit codeql workflow#2202
Open
thompson-tomo wants to merge 4 commits into
Open
Conversation
thompson-tomo
requested review from
ahayworth,
arielvalentin,
dazuma,
ericmustin,
fbogsany,
hannahramadan,
kaylareopelle,
mwear,
plantfansam,
robbkidd,
robertlaurin,
simi and
xuan-cao-swi
as code owners
Contributor
|
@trask do we have standard workflows that are centrally defined like codeql that should be run in every repo? If so, should that be provisioned though terraform instead of on a repo by repo basis? |
Member
|
hey @arielvalentin! are you asking about provisioning the codeql repo settings? or the codeql yml? |
Contributor
Author
|
@trask I am going to assume he is referring to the CI Workflow which would be added via this pr. @kaylareopelle this pr also needs the repo config change to enable advanced codeql scanning. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds an explicit codeql Workflow to ensure it runs on all pr's/commits as currently alot is being missed.
This will need someone to enable advanced codeql -> https://docs.github.com/en/code-security/how-tos/find-and-fix-code-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning
This enable sent has already been done to numerous otel repos see https://github.com/search?q=org%3Aopen-telemetry+codeql-Action%2FInit+language%3AYAML+path%3A%2F%5E%5C.github%5C%2Fworkflows%5C%2F%2F&type=code