boxstarter icon indicating copy to clipboard operation
boxstarter copied to clipboard
verified publisher icon chocolatey

(GH-570) Add GitHub Action scanning workflows

Open flcdrg opened this issue 1 year ago • 5 comments

Description Of Changes

Add GitHub Action workflows that run security and static analysis

  • Add PSScriptAnalyzer workflow
  • Add Codacy workflow
  • Add DevSkim workflow
  • Add CodeQL workflow

Motivation and Context

Strengthen security checking and reduce risk of introducing vulnerabilities

Testing

Tested in my repo

Change Types Made

  • [ ] Bug fix (non-breaking change).
  • [x] Feature / Enhancement (non-breaking change).
  • [ ] Breaking change (fix or feature that could cause existing functionality to change).
  • [ ] Documentation changes.
  • [ ] PowerShell code changes.

Change Checklist

  • [ ] Requires a change to the documentation.
  • [ ] Documentation has been updated.
  • [ ] Tests to cover my changes, have been added.
  • [ ] All new and existing tests passed?
  • [ ] PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

Fixes #570

flcdrg avatar Jun 29 '24 12:06 flcdrg

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot] avatar Jun 29 '24 12:06 github-advanced-security[bot]

This looks awesome! .. I just wonder if we should work on some of the issues or we can/should add some exceptions for the hits.

mwallner avatar Jun 30 '24 18:06 mwallner

Probably need to review them and figure out which ones are actionable and which ones may not be relevant.

flcdrg avatar Jun 30 '24 23:06 flcdrg

They were just the default values created by the GitHub templates, but yeah that sounds like a better idea

flcdrg avatar Jul 03 '24 23:07 flcdrg

But unfortunately GitHub Actions don't support that - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

I will tweak the schedules though

flcdrg avatar Jul 03 '24 23:07 flcdrg