-
-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Code Scanning & Address Code Quality Issues #93
Comments
Looks like these are ALL actually for the bundled |
Can you create a PR that setups Code Scanning for all files except |
It looks like there's a way to set up "advanced code scanning", which is effectively just a workflow file. Looking at the options for this though, I'm not noticing any options for filtering out which files to scan. I'm looking through the "Configuring advanced setup" and "Customizing code scanning" sections - do you see anything I'm missing? I imagine (if you don't find anything) that the idea is if you don't scan a part of a repository for code security scanning, then that kinda defeats the purpose, since there will always be some part of the repo that won't be secure 😅 |
Ah, I see. Then we would have to update the |
GitHub provides a code-scanning tool (Settings > Code Security and Analysis > Code Scanning) named CodeQL that helps identify common code quality and security issues. When enabling this in a fork of the repo, there appears to be 30 code quality issues that CodeQL recommends addressing. Some of these are in the
dist
folder, so there's likely some level of duplication that should mean less than 30 code issues.It would be useful to address these code quality/security issues to improve the security and reliability of this action.
The text was updated successfully, but these errors were encountered: