Skip to content

CodeQL

CodeQL #38

name: "CodeQL"
on:
push:
branches:
- 'main'
- 'master'
- 'release-v*'
pull_request:
schedule:
- cron: '0 12 * * *'
jobs:
analyze-go:
name: Analyze Go
runs-on: ubuntu-latest
permissions:
actions: read # github/codeql-action/init
security-events: write # github/codeql-action/init
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: ./.github/actions/install-deps
- name: Run govulncheck
run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...
- uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: go
- uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
- uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
# Javascript is added here for evaluating Github Action vulnerabilities
# https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/#2-enable-code-scanning-for-workflows
analyze-github-actions:
name: Analyze Github Actions
runs-on: ubuntu-latest
permissions:
actions: read # github/codeql-action/init
security-events: write # github/codeql-action/init
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: actions
- uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2