Add CodeQL workflow for GitHub code scanning #295
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Reverse pull request from master to dev. Reverse pull request. * Fix/docker latest tag (glauth#260) * Dev (glauth#254) * use functional options pattern to inject logr (glauth#124) * use functional options pattern to inject logr Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * cleanup log formatting Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * allow clean shutdown (glauth#126) * fix owncloud posix query, log message and provisioning api results (glauth#128) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't hardcode graphapi endpoint Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add support for write handlers (glauth#135) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * config: match shadowaccount objectlcass (glauth#136) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Makefile compatiblility (glauth#134) Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update travis.yml (glauth#154) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * check owncloud status code is ok (glauth#153) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Bulid and push multiarch docker images (glauth#142) Fix glauth#141. With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7. When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry. Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't mix graph and provisioning api (glauth#157) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Reuse http client as much as possible and allow insecure transport (glauth#160) * Allow using configmaps when deploying in kubernetes (glauth#161) * Ensure config watcher also works in kubernetes When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not opdated with a write event. Instead it receives a CHMOD and a REMOVE event. This change adds two things 1) Removal of the current wacther and adding of a new watcher for the same path 2) The do-reload conditional is updated to also include the remove event. * Align write and removed conditionals * Fix API server json formating (glauth#163) (glauth#164) * Update README.md (glauth#167) Fixing bad port in quickstart * Use port 3893 with ldapsearch in example (glauth#150) * feat: add flags for ldap listen addresses (glauth#169) Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Assets build fix. (glauth#171) * Docker build fix. * Makefile fix. * update readme, config and deps (glauth#170) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Remove byanke's donation fields * Database plugins (glauth#133) This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch. Covered: - Database plugins (at this time: SQLite, MySQL, Postgres) - Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend] - Schema introspection (root DSE query with base scope) - When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries - When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know)) - Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8) - Support for "want types only" queries, even when proxying * Mac M1 Support and LDAP Req Attributes (glauth#192) * Mac M1 Support * Augmented root DSS and schema discovery based on content of schema directory * LDAP workaround where req. attribute gets injected in response now works with combined filters * SubSchema query can return a minimal set, freeipa or openldap's schemas * Feature/upgrade ldap library version (glauth#194) * Stronger, salted paswords using bcrypt. (glauth#195) * Fixed badges in README file and added a couple improvements (glauth#196) * fix lock for ownCloud / graph backend (glauth#198) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * the config struct is only needed by the config backend (glauth#199) * Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (glauth#201) * fix: keep watch config file when changed,renamed,removed (glauth#189) I will need to run `glauth.go` through `gofmt` myself but that is fine. * Returning when unable to start config watcher (glauth#203) * Introducing goconvey testing and refactoring of config and ... (glauth#204) * Introducing goconvey testing and refactoring of config and plugin backends. * gofmt, oops * Refactored re-insertion of requested attributes * Allow bind operations with no group provided (glauth#205) * Support for userPrincipalName binding and browsing. (glauth#206) * Support for userPrincipalName binding and browsing. * Fixed travis CI test for userprincipalname * fixing travis tests for more users * Rate limit after failed binds (glauth#207) * Capabilities -- part 2 (glauth#214) + do not dump config at startup * Attempting migration from Travis to Github Actions * Migration Step#2 * Migration Step#3 * Migration Step#4 * Migration Step#5 * Migration Step#6 * Migration Step#7 * Migration Step#8 * Migration Step#9 * Migration Step#9 * Migration dev... * Migration dev... * Migration dev... * Migration dev... * Docker with plugins, first step (glauth#215) * Docker with plugins, first step * Build better docker images, including plugins * Merge back from dev to feature branch step glauth#2 * Added capabilities to CI * - Now creating two docker images, including one with plugins - Moving from Travis CI to GitHub Actions * Plugins now run on distroless (glauth#217) * Getting rid of Travis CI now that it doesn't support FOSS anymore. * Internal Stats -- performance view (glauth#221) * Local merge * Update CI to forget about bindata * Forgot to cleanup the cleanup... * assets: use stdlib "embed" package (glauth#200) This should make it easier to include GLAuth in other projects using `go get` * 'Airgapping' web assets for security and preventing breakage (glauth#227) * v2 -- V2 hierarchy (glauth#228) * Search refactoring, tree traversal and scope correctness (glauth#229) Search refactoring, tree traversal and scope correctness. * Feature/multi cfg (glauth#233) * Feature/custom attributes (glauth#240) * Makefiles: platform releases (glauth#241) * Feature/release script (glauth#242) * Bug/fix docker build in v2 (glauth#244) * Fix glauth#246 and glauth#252 Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Cleanup Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Feature/dbsshkeys (glauth#262) * Dev -> Master after v1/v2 cleanup (glauth#261) * Reverse pull request from master to dev. Reverse pull request. * Fix/docker latest tag (glauth#260) * Dev (glauth#254) * use functional options pattern to inject logr (glauth#124) * use functional options pattern to inject logr Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * cleanup log formatting Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * allow clean shutdown (glauth#126) * fix owncloud posix query, log message and provisioning api results (glauth#128) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't hardcode graphapi endpoint Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add support for write handlers (glauth#135) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * config: match shadowaccount objectlcass (glauth#136) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Makefile compatiblility (glauth#134) Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update travis.yml (glauth#154) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * check owncloud status code is ok (glauth#153) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Bulid and push multiarch docker images (glauth#142) Fix glauth#141. With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7. When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry. Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't mix graph and provisioning api (glauth#157) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Reuse http client as much as possible and allow insecure transport (glauth#160) * Allow using configmaps when deploying in kubernetes (glauth#161) * Ensure config watcher also works in kubernetes When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not opdated with a write event. Instead it receives a CHMOD and a REMOVE event. This change adds two things 1) Removal of the current wacther and adding of a new watcher for the same path 2) The do-reload conditional is updated to also include the remove event. * Align write and removed conditionals * Fix API server json formating (glauth#163) (glauth#164) * Update README.md (glauth#167) Fixing bad port in quickstart * Use port 3893 with ldapsearch in example (glauth#150) * feat: add flags for ldap listen addresses (glauth#169) Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Assets build fix. (glauth#171) * Docker build fix. * Makefile fix. * update readme, config and deps (glauth#170) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Remove byanke's donation fields * Database plugins (glauth#133) This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch. Covered: - Database plugins (at this time: SQLite, MySQL, Postgres) - Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend] - Schema introspection (root DSE query with base scope) - When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries - When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know)) - Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8) - Support for "want types only" queries, even when proxying * Mac M1 Support and LDAP Req Attributes (glauth#192) * Mac M1 Support * Augmented root DSS and schema discovery based on content of schema directory * LDAP workaround where req. attribute gets injected in response now works with combined filters * SubSchema query can return a minimal set, freeipa or openldap's schemas * Feature/upgrade ldap library version (glauth#194) * Stronger, salted paswords using bcrypt. (glauth#195) * Fixed badges in README file and added a couple improvements (glauth#196) * fix lock for ownCloud / graph backend (glauth#198) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * the config struct is only needed by the config backend (glauth#199) * Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (glauth#201) * fix: keep watch config file when changed,renamed,removed (glauth#189) I will need to run `glauth.go` through `gofmt` myself but that is fine. * Returning when unable to start config watcher (glauth#203) * Introducing goconvey testing and refactoring of config and ... (glauth#204) * Introducing goconvey testing and refactoring of config and plugin backends. * gofmt, oops * Refactored re-insertion of requested attributes * Allow bind operations with no group provided (glauth#205) * Support for userPrincipalName binding and browsing. (glauth#206) * Support for userPrincipalName binding and browsing. * Fixed travis CI test for userprincipalname * fixing travis tests for more users * Rate limit after failed binds (glauth#207) * Capabilities -- part 2 (glauth#214) + do not dump config at startup * Attempting migration from Travis to Github Actions * Migration Step#2 * Migration Step#3 * Migration Step#4 * Migration Step#5 * Migration Step#6 * Migration Step#7 * Migration Step#8 * Migration Step#9 * Migration Step#9 * Migration dev... * Migration dev... * Migration dev... * Migration dev... * Docker with plugins, first step (glauth#215) * Docker with plugins, first step * Build better docker images, including plugins * Merge back from dev to feature branch step glauth#2 * Added capabilities to CI * - Now creating two docker images, including one with plugins - Moving from Travis CI to GitHub Actions * Plugins now run on distroless (glauth#217) * Getting rid of Travis CI now that it doesn't support FOSS anymore. * Internal Stats -- performance view (glauth#221) * Local merge * Update CI to forget about bindata * Forgot to cleanup the cleanup... * assets: use stdlib "embed" package (glauth#200) This should make it easier to include GLAuth in other projects using `go get` * 'Airgapping' web assets for security and preventing breakage (glauth#227) * v2 -- V2 hierarchy (glauth#228) * Search refactoring, tree traversal and scope correctness (glauth#229) Search refactoring, tree traversal and scope correctness. * Feature/multi cfg (glauth#233) * Feature/custom attributes (glauth#240) * Makefiles: platform releases (glauth#241) * Feature/release script (glauth#242) * Bug/fix docker build in v2 (glauth#244) * Fix glauth#246 and glauth#252 Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Cleanup Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * SSH Keys support in database plugins Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Better plugin build for darwin * add link to documentation, only discovered it while perusing issues list (glauth#276) * Plugin: Unix PAM Authentication (glauth#263) (glauth#277) * Plugin: Unix PAM Authentication (glauth#263) * Add plugin using pam authentication Adds an additional plugin which us authenticating against the PAM unix backend and exposing users and groups local to the machine glauth is running on. This can be used to expose local users for authentication in other services which support ldap only. * plugins: pam: Rewrite Bind() to use ldapopshelper Modernizes the implementation of Bind() to make use of the helper functions provided by LDAPOpsHelper. In order to support custom authentication the existing config.User has received an additional PassAppCustom property which allows to specify a custom authentication callback for a user. In case of the PAM backend this will be used to authenticate against the local PAM database. * plugins: pam: Rewrite Search() to use ldapopshelper Modernizes the implementation of Search() to make use of the helper functions provided by LDAPOpsHelper. * plugins: pam: Capability through group membership Adds a configuration option which decides if a user gets the search capability or not based on the group memberships of a user. * plugins: pam: Apply formatting Runs gofmt and go get on all changes done earlier * plugins: pam: Address feedback from CodeClimate - reduce code similarity - document new exports - address casing of variables and functions - reduce complexity of FindPosixGroups() - reduce complexity of FindPosixAccounts() - fix else branch in ldapopshelper Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de> * Updated README for pam plugin * Updated README for pam plugin Co-authored-by: Marius Zwicker <marius@mlba-team.de> Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de> * Removing db plugins * Changing plugind package * Remove main frmo plugin * Move plugins to their own repos (glauth#283) * Plugins release build delegated to plugin Makefile * Build and push docker containers * README points to documentation * Shortened README * Prometheus exported (glauth#284) * Prometheus exporter * Feature/zerolog (glauth#285) * Zerolog * Adjusted logging levels * Structured logging including ldap library * Feature/check config (glauth#286) Add config check `--check-config` * Removed last trace of old docker files Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> Co-authored-by: dlitster <davidlitster@gmail.com> Co-authored-by: Marius Zwicker <marius@mlba-team.de> Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de>
|
Kudos, SonarCloud Quality Gate passed!
|
|
Kudos, SonarCloud Quality Gate passed!
|
Merged
Fusion
added a commit
that referenced
this pull request
Jul 4, 2023
Cross-platform changes: - No SysLog on Windows (#289) Code quality: - CodeSee integration - Add CodeQL workflow for GitHub code scanning (#295) Correctness: - Construct DNs under ou=users for uniqueMember group attribute - Use NameFormat/GroupFormat when constructing RDN attributes - Brian Candler (@candlerb) completed the above by making sure they were supported where it matters - The directory structure can be navigated up and down using any LDAP browser - searchMaybePosixAccounts: add filter to respect searchBaseDN (#304) - Feature: introduce legacy behavior, based on past versions (#318) Security/Updates: - Bump golang.org/x/crypto in /v2 - Update Go Versions to 1.19, 1.20 (#314) - Added anonymousdse backend option to config sample (#316) Qualify of life: - Add devcontainer (#306) - Add help command to Makefile (#307) - Update go.work to 1.19 (#315)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi
glauth/glauth!This is a one-off automatically generated pull request from LGTM.com 🤖. You might have heard that we’ve integrated LGTM’s underlying CodeQL analysis engine natively into GitHub. The result is GitHub code scanning!
With LGTM fully integrated into code scanning, we are focused on improving CodeQL within the native GitHub code scanning experience. In order to take advantage of current and future improvements to our analysis capabilities, we suggest you enable code scanning on your repository. Please take a look at our blog post for more information.
This pull request enables code scanning by adding an auto-generated
codeql.ymlworkflow file for GitHub Actions to your repository — take a look! We tested it before opening this pull request, so all should be working ✔️. In fact, you might already have seen some alerts appear on this pull request!Where needed and if possible, we’ve adjusted the configuration to the needs of your particular repository. But of course, you should feel free to tweak it further! Check this page for detailed documentation.
Questions? Check out the FAQ below!
FAQ
Click here to expand the FAQ section
How often will the code scanning analysis run?
By default, code scanning will trigger a scan with the CodeQL engine on the following events:
What will this cost?
Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.
What types of problems does CodeQL find?
The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the
security-and-qualityquery suite for you.How do I upgrade my CodeQL engine?
No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.
The analysis doesn’t seem to be working
If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.
How do I disable LGTM.com?
If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).
Which source code hosting platforms does code scanning support?
GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.
How do I know this PR is legitimate?
This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!
I have another question / how do I get in touch?
Please join the discussion here to ask further questions and send us suggestions!