Setup CodeQL SAST #146

Merged
merged 1 commit into from
Jan 22, 2024

changeset-bot bot commented Jan 19, 2024

⚠️ No Changeset found

Latest commit: 9ac8426

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

TBDocs Report

✅ No errors or warnings

@tbdex/protocol

  • Project entry file: packages/protocol/src/main.ts

@tbdex/http-client

  • Project entry file: packages/http-client/src/main.ts

@tbdex/http-server

  • Project entry file: packages/http-server/src/main.ts

TBDocs Report Updated at 2024-01-19T22:32:58Z 9ac8426

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

pull_request:
branches: [ "main" ]
schedule:
- cron: '33 1 * * 5'
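
Review bot: the `- cron: '33 1 * * 5'` line under `schedule:` carries no comment saying what the expression means or that the value is intentional. A one-line comment above it, for example `# weekly scan, Fridays at 01:33 UTC`, would make the intended cadence explicit so the minute and day values are not read as significant.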

is there a reason why the cron schedule is different here compared to the one in your tbdex-kt PR?

how come it is on a schedule at all vs pull requests?

@leordev leordev Jan 22, 2024

> is there a reason why the cron schedule is different here compared to the one in your tbdex-kt PR?

It's randomly generated by GH when enabling the CodeQL scan. I don't think the schedule time actually matters as long as we have the scan being executed weekly. (I'm going to move forward with the merge, but we can revisit the weekly scanning time later if we want to have it running at the same time for all our repos.)

> how come it is on a schedule at all vs pull requests?

It runs both on PRs, main pushes AND on a schedule. The reason for running on a schedule is that new vulns are discovered every day. So, even after merging something, we need to be scanning the codebase on a consistent basis.

@leordev leordev merged commit 9d3e9e8 into main Jan 22, 2024
9 checks passed
@leordev leordev deleted the leordev/sast branch January 22, 2024 19:38
diehuxx added a commit that referenced this pull request Jan 22, 2024
* main:
  Setup Codecov (#145)
  Setup CodeQL SAST (#146)
  Stricten typescript in protocol package (#141)
  Version Packages (#114)
  Fix docs-publish.yaml (#144)
  Fold paymentInstructions inside payin and payout (#140)