STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cli/.github/workflows/codeql.yml
dependabot[bot] fb13f29f8a
chore(deps): bump advanced-security/filter-sarif from 1.0.1 to 1.1 
Bumps [advanced-security/filter-sarif](https://github.com/advanced-security/filter-sarif) from 1.0.1 to 1.1.
- [Release notes](https://github.com/advanced-security/filter-sarif/releases)
- [Commits](f3b8118a93...2da736ff05)

---
updated-dependencies:
- dependency-name: advanced-security/filter-sarif
  dependency-version: '1.1'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-12 14:03:44 +00:00

62 lines
1.7 KiB
YAML
Raw Blame History

name: Code Scanning
on:
push:
branches: [trunk]
pull_request:
branches: [trunk]
paths-ignore:
- '**/*.md'
schedule:
- cron: "0 0 * * 0"
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/analyze to upload SARIF results
jobs:
CodeQL-Build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ['go', 'actions']
steps:
- name: Check out code
uses: actions/checkout@v6
- name: Setup Go
if: matrix.language == 'go'
uses: actions/setup-go@v6
with:
go-version-file: "go.mod"
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
queries: security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
upload: false
output: sarif-results
- name: Filter SARIF for third-party code
if: matrix.language == 'go'
uses: advanced-security/filter-sarif@2da736ff05ef065cb2894ac6892e47b5eac2c3c0 # v1.1.0.1.1
with:
patterns: |
-third-party/**
input: sarif-results/${{ matrix.language }}.sarif
output: sarif-results/${{ matrix.language }}.sarif
- name: Upload filtered SARIF
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: sarif-results/${{ matrix.language }}.sarif
category: "/language:${{ matrix.language }}"
Reference in a new issue View git blame Copy permalink