Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create codeql.yml #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Create codeql.yml #5

wants to merge 1 commit into from

Conversation

sharonstout1981
Copy link
Owner

No description provided.

@sharonstout1981
Create codeql.yml
b9f9b6f 
Signed-off-by: Sharon <42342605+sharonstout1981@users.noreply.github.com>
@sharonstout1981 sharonstout1981 self-assigned this May 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented May 1, 2024
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 4.*.* 🟢 7.5
Details
CheckScoreReason
Maintained🟢 1012 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/github/codeql-action/analyze 3.*.* UnknownUnknown
actions/github/codeql-action/init 3.*.* UnknownUnknown

Scanned Manifest Files

.github/workflows/codeql.yml
  • actions/checkout@4.*.*
  • github/codeql-action/analyze@3.*.*
  • github/codeql-action/init@3.*.*

@sharonstout1981 sharonstout1981 added documentation Improvements or additions to documentation enhancement New feature or request dependencies Pull requests that update a dependency file labels May 1, 2024
@sharonstout1981 sharonstout1981 enabled auto-merge (squash) July 26, 2024 10:01
sharonstout1981
sharonstout1981 commented Jul 26, 2024
View reviewed changes
Copy link
Owner Author

@sharonstout1981 sharonstout1981 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok

auto-merge was automatically disabled July 26, 2024 10:04

Pull request was closed

@sharonstout1981 sharonstout1981 enabled auto-merge (squash) July 26, 2024 10:04
sharonstout1981
sharonstout1981 commented Jul 26, 2024
View reviewed changes
Copy link
Owner Author

@sharonstout1981 sharonstout1981 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sharonstout1981
Copy link
Owner Author

/approve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sharonstout1981 sharonstout1981

Labels
dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sharonstout1981