Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CodeQL variant analysis scanning #2212

Merged
merged 1 commit into from
Aug 26, 2022
Merged

Add CodeQL variant analysis scanning #2212

merged 1 commit into from
Aug 26, 2022

Conversation

dfarrell07
Copy link
Member

@dfarrell07 dfarrell07 commented Aug 26, 2022
edited
Loading

This is a different type of static analysis than others we run.

It identified new issues (already fixed) that our other tool missed.

The company that built it was bought by GitHub and the tool is being
integrated into GitHub's security workflow.

Add one unprivileged version of the job to gate PRs and one privileged
version on-merge to report results.

Relates-to: submariner-io/submariner#1970
Signed-off-by: Daniel Farrell dfarrell@redhat.com

@dfarrell07 dfarrell07 self-assigned this Aug 26, 2022
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr2212/dfarrell07/codeql2
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07
Add CodeQL variant analysis scanning
9fff278 
This is a different type of static analysis than others we run.

It identified new issues (already fixed) that our other tool missed.

The company that built it was bought by GitHub and the tool is being
integrated into GitHub's security workflow.

Add one unprivileged version of the job to gate PRs and one privileged
version on-merge to report results.

Relates-to: submariner-io/submariner#1970
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>
@dfarrell07
Copy link
Member Author

2022-08-26T15:04:36.5162383Z ##[warning]This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: HttpError: Resource not accessible by integration

I think this is not an issue, missing these experimental features on PR scans, but wanted to highlight.

@submariner-bot submariner-bot added the ready-to-test When a PR is ready for full E2E testing label Aug 26, 2022
@tpantelis tpantelis enabled auto-merge (rebase) August 26, 2022 16:02
@tpantelis tpantelis merged commit 59b0c89 into submariner-io:devel Aug 26, 2022
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr2212/dfarrell07/codeql2]

@dfarrell07
Copy link
Member Author

dfarrell07 commented Aug 26, 2022
edited
Loading

Little late, but FYI you can see this correctly failing here: dfarrell07/submariner-website#6 / https://github.com/dfarrell07/submariner-website/pull/6/checks?check_run_id=8039932528 (all the bugs in found by CodeQL Go have already been fixed)

@dfarrell07 dfarrell07 mentioned this pull request Aug 30, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpantelis tpantelis tpantelis approved these changes

@skitt skitt skitt approved these changes

@mkolesnik mkolesnik Awaiting requested review from mkolesnik mkolesnik is a code owner

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

Assignees

@dfarrell07 dfarrell07

Labels
ready-to-test When a PR is ready for full E2E testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dfarrell07 @submariner-bot @skitt @tpantelis