Scan for security vulnerabilities with GitHub CodeQL #645

@rgoldberg

Scan for security vulnerabilities with GitHub CodeQL by adding .github/workflows/codeql.yml workflow.

Use CodeQL for as much as possible:

  • Available languages:
    • swift
    • actions (GitHub Workflows)
  • Search for other languages:
    • zsh
    • YAML besides GitHub Workflows
    • JSON (+ Package.resolved, .swift-format)
    • Markdown

Also ensure Dependabot is set up properly:

https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide
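
One possible shape for the `.github/workflows/codeql.yml` requested above, as an added example that is not from the issue or the project's repository. The branch name, cron schedule, runner labels and action version tags are assumptions; it scans only the two languages the issue lists as available, swift and actions.

```yaml
# Added example, not the project's own workflow.
# Assumptions: default branch "main", weekly schedule, hosted runners.
name: CodeQL

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    branches: [main]
  schedule:
    - cron: '27 4 * * 1'      # assumed weekly scan time

# Deny everything by default; the job grants only what it needs.
permissions: {}

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read           # check out the repository
      actions: read            # read workflow run metadata
      security-events: write   # upload results to code scanning
    strategy:
      fail-fast: false         # one language failing must not hide the other
      matrix:
        include:
          - language: swift
            build-mode: autobuild   # Swift is compiled; CodeQL observes the build
            runner: macos-latest    # Swift analysis runs on macOS
          - language: actions
            build-mode: none        # workflow files are scanned without a build
            runner: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # keep the token out of .git/config
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - uses: github/codeql-action/analyze@v3
        with:
          category: /language:${{ matrix.language }}
```

The other file types in the issue (zsh, non-workflow YAML, JSON, Markdown) are not covered by this workflow and would need separate tooling.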

Labels: 🧽 chore (Administrative task: documentation, build, test, release, git, etc.)