Enable CodeQL Scanning

Open michael-hawker opened this issue 2 years ago • 1 comments

Continuation of #190, wanted to do a clean PR so that alerts would could be filtered now that enabled filtering out generated code.

Prior alerts from the very first pass weren't filtered out with the change, so it made it impossible to see the result of just scoped to our production code.

This isn't a priority to get in, but will be good to have. From the initial pass there are some good notes for us to investigate in the future, there were no critical security findings, so we should feel good about the upcoming release.

Aug 28 '23 21:08 michael-hawker

Bugger, the filters to exclude the generated files aren't working... not sure why that would be... 😢

Will investigate this more later

Aug 28 '23 23:08 michael-hawker