chore: Review CodeQL config (kedacore#4133)
Fixes kedacore#4032

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
JorTurFer committed Jan 18, 2023
1 parent ab4ca9a commit 831a787
Showing 3 changed files with 71 additions and 1 deletion.
33 changes: 33 additions & 0 deletions .github/workflows/static-analysis-codeql.yml
@@ -0,0 +1,33 @@
name: "CodeQL"

on:
push:
branches: [ "main" ]
pull_request: {}

jobs:
codeQl:
name: Analyze CodeQL Go
runs-on: ubuntu-latest
container: ghcr.io/kedacore/build-tools:1.19.5
if: (github.actor != 'dependabot[bot]')
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Register workspace path
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:go"
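Review bot: no `permissions:` block is declared for the `codeQl` job, so it inherits the repository's default GITHUB_TOKEN permissions, which may be broader than a scan needs or may lack the `security-events: write` scope that `github/codeql-action/analyze@v2` requires to upload results; declare the minimum explicitly, e.g. `permissions:` / `  contents: read` / `  security-events: write`. A smaller point: `actions/checkout@v3` and the `github/codeql-action/*@v2` references float on mutable tags; pinning them to a commit SHA keeps the supply chain of this security workflow reproducible.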
37 changes: 37 additions & 0 deletions .github/workflows/static-analysis-semgrep.yml
@@ -0,0 +1,37 @@
name: "Semgrep"

on:
push:
branches: [ "main" ]
pull_request_target: {}

jobs:
semgrep:
name: Analyze Semgrep
runs-on: ubuntu-latest
container: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v3
- name: Register workspace path
if: ${{ github.event.number > 0 }}
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

- name: Checkout Pull Request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
id: checkout
if: ${{ github.event.number > 0 }}
run: |
apk add github-cli
gh pr checkout ${{ github.event.number }}
- run: semgrep ci --sarif --output=semgrep.sarif
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

- name: Upload SARIF file for GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: semgrep.sarif
if: ${{ github.event.number == '' && !cancelled() }}
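Review bot: the pairing of `pull_request_target: {}` with the `gh pr checkout ${{ github.event.number }}` step is the part of this hunk to reconsider: `pull_request_target` runs with a write-scoped GITHUB_TOKEN and full access to repository secrets, and the checkout then puts the pull request author's tree in the workspace before `semgrep ci` runs with `SEMGREP_APP_TOKEN` in its environment, so the scan of untrusted contributions executes in a privileged context. At minimum add an explicit `permissions:` block (`contents: read`, `security-events: write`) so the token is not write-scoped, and weigh whether plain `pull_request` (read-only token, no secrets for forks) would do for PRs, given that the upload step's `if: ${{ github.event.number == '' && !cancelled() }}` already skips the SARIF upload for pull requests. That same condition means PR scans never reach the code scanning dashboard; confirm that is intended, since the changelog entry in this commit describes enabling the analysis on PRs.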
2 changes: 1 addition & 1 deletion CHANGELOG.md
@@ -52,7 +52,7 @@ To learn more about our roadmap, we recommend reading [this document](ROADMAP.md

### Other

- TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX))
- **General:** Review CodeQL rules and enable it on PRs ([#4032](https://github.com/kedacore/keda/pull/4032))

## v2.8.1

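Review bot: the new entry links `#4032` with a `/pull/4032` path, but the commit message says the change "Fixes kedacore#4032" and names the pull request as kedacore#4133, so 4032 appears to be the issue rather than the PR; either link the PR (`[#4133](https://github.com/kedacore/keda/pull/4133)`) or use the `/issues/4032` path, following the convention the rest of the changelog uses.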
