Fix #71, Add CodeQL analysis to workflow #72
Conversation
skliper
added
CCB:Ready
skliper
removed
the
CCB:Ready
|
For some reason there is one warning presented in the workflow:
Also when viewing the code scanning results, it shows results outside of the ci_lab path as seen below. For example, it shows errors for osal. |
|
@ArielSAdamsNASA I'm wondering if the error is because the analysis hasn't been run in main yet. I tried runs on all branches for push/pull and saw the same warning. Maybe it will go away? For OSAL results - I'm not seeing the same thing. Shows up as "This branch hasn't been scanned yet" for me on nasa/ci_lab main branch. Which branch were you on? |
I was also on the nasa/ci_lab main branch. I ran the analysis again this morning and noticed that the OSAL results now have "(Test)" in the title. As long as it works locally for you, it should perform the same once implemented.
|
|
@ArielSAdamsNASA Now I'm seeing the warnings... seems I have the path exclusions set up incorrectly, I'll try to fix! |
skliper
force-pushed
the
fix71-add_codeql
branch
from
f8e348d to
48b99bb
Compare
skliper
force-pushed
the
fix71-add_codeql
branch
5 times, most recently
from
de778fd to
5793160
Compare
|
Updates - made it only build ci (so it only reports CI errors), also embedded queries in workflow instead of separate config file |
skliper
force-pushed
the
fix71-add_codeql
branch
from
5793160 to
11b7017
Compare
astrogeco
added
continuous-integration
enhancement
Describe the contribution
Fix #71 - adds CodeQL analysis
Differences from bundle - path theoretically limited to ci_lab, has timeout, and "security and quality", and only does the build (run not necessary for codeql analysis)
Testing performed
Ran on fork
Expected behavior changes
Adds Code QL analysis on push to main and pull requests (to main)
System(s) tested on
CI
Additional context
None
Third party code
None
Contributor Info - All information REQUIRED for consideration of pull request
Jacob Hageman - NASA/GSFC