nasa · astrogeco · May 20, 2021 · May 6, 2021
diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml
@@ -0,0 +1,20 @@
+name: "CodeQL Coding Standard Configuration File"
+
+disable-default-queries: true
+
+queries:
+  - name: JPL Rules
+    uses: ./codeql/cpp/ql/src/JPL_C
+  - name: MISRA Rule 9-5-1
+    uses: ./codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
+  - name: MISRA Rule 5-18-1
+    uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql 
+  - name: MISRA 6-2-2
+    uses: ./codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
+  - name: MISRA Rule 5-14-1
+    uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
+  - name: MISRA Rule 5-3-2
+    uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
+  - name: MISRA Rule 7-5-2
+    uses: ./codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
+
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-security.yml b/.github/codeql/codeql-security.yml
@@ -0,0 +1,7 @@
+name: "CodeQL Security Configuration File"
+
+queries:
+  - name: Security and Quality
+    uses: security-and-quality
+  - name: Security Extended
+    uses: security-extended 
diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
@@ -28,7 +28,7 @@ jobs:
           do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
 
 
-  CodeQL-Build:
+  CodeQL-Security-Build:
     #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
     needs: check-for-duplicates
     if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
@@ -55,7 +55,61 @@ jobs:
         uses: github/codeql-action/init@v1
         with:
           languages: c
-          config-file: ./.github/codeql/codeql-config.yml
+          config-file: ./.github/codeql/codeql-security.yml
+
+      # Setup the build system
+      - name: Copy sample_defs
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        run: |
+          cp ./cfe/cmake/Makefile.sample Makefile
+          cp -r ./cfe/cmake/sample_defs sample_defs
+
+      # Setup the build system
+      - name: Make Install
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        run: make
+
+      # Run CodeQL
+      - name: Perform CodeQL Analysis
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        uses: github/codeql-action/analyze@v1
+
+  CodeQL-Coding-Standard-Build:
+    #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
+    needs: check-for-duplicates
+    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-18.04
+    timeout-minutes: 15
+
+    steps:
+      # Checks out a copy of your repository
+      - name: Checkout code
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        uses: actions/checkout@v2
+        with:
+          repository: nasa/cFS
+          submodules: true
+
+      - name: Check versions
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        run: |
+           git log -1 --pretty=oneline
+           git submodule
+
+      - name: Checkout codeql code      
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        uses: actions/checkout@v2
+        with:
+          repository: github/codeql 
+          submodules: true 
+          path: codeql
+
+      - name: Initialize CodeQL
+        if: ${{ !steps.skip-workflow.outputs.skip }}
+        uses: github/codeql-action/init@v1
+        with:
+          languages: c
+          config-file: ./.github/codeql/codeql-coding-standard.yml
 
       # Setup the build system
       - name: Copy sample_defs