Add CodeQL analysis workflow for security scanning #652
base: main
It failed to run |
6968948 to a24ecda
I made an update, but the workflow needs approval. |
The CodeQL analysis still fails to run properly |
The error has been fixed. All should be good now |
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Hi maintainers, @nachoBonafonte @bryce-b @vvydier I've implemented the CodeQL security scanning workflow as requested in issue #565. The CodeQL workflow is now:
The CodeQL bot has confirmed successful setup of code scanning, indicating that security analysis results will be available in the Security tab once merged. Note: I notice the Build and Test workflow is failing, but this appears unrelated to the CodeQL workflow changes since I only modified the CodeQL analysis file. Please review when you have a chance. Let me know if you'd like any adjustments to the CodeQL configuration. |
This PR adds a GitHub Actions workflow for running CodeQL analysis on the codebase to identify security vulnerabilities. The workflow is configured to automatically run on every push to the main branch and on pull requests targeting the main branch. It leverages the github/codeql-action to scan the repository for potential security issues in the Swift code.

Closes #565
Changes made: