
Implement CodeQL

Open LilianBoulard opened this issue 2 years ago • 1 comments

Adds CodeQL, a tool for finding vulnerabilities and mistakes in the code. It was recommended by GitHub; let's see if this can be useful for us.

LilianBoulard avatar Aug 08 '22 12:08 LilianBoulard

So, the output can be seen on the test, and the report has been exported to the Security tab of the repository. No vulnerabilities nor mistakes have been found, which is good! I don't think it is useful to run it for each PR, but I guess scanning the code before releases could be a good practice. To do that, we could create a codeql branch and push master onto it before releasing. Let me know what you think!

LilianBoulard avatar Aug 08 '22 13:08 LilianBoulard
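The "scan before release via a dedicated branch" setup described in the comment above, written out as a GitHub Actions workflow. This is an added example, not the workflow that was actually merged in this PR: the file path, the `codeql` branch name (taken from the comment), Python as the scanned language, the action versions and the query suite are all assumptions.

```yaml
# .github/workflows/codeql.yml  (assumed path; example, not the project's own file)
name: CodeQL

on:
  # Only run when master is pushed onto the "codeql" branch, as proposed in
  # the thread, instead of on every PR. workflow_dispatch adds a manual
  # "Run workflow" button in the Actions tab for ad-hoc scans.
  push:
    branches: [codeql]
  workflow_dispatch:

# Least privilege for the job token: read the checkout, write only the
# SARIF upload. security-events: write is what lets the analyze step publish
# results to the repository's Security tab.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    steps:
      - name: Check out the code
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: python               # assumption: the project is Python
          # The default suite is security-only; "security-and-quality" also
          # reports the "mistakes" (code-quality findings) mentioned above.
          queries: security-and-quality

      # No build step is needed for Python: CodeQL extracts the sources directly.
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:python"
```

To trigger a pre-release scan with this setup, push the release candidate onto the branch, e.g. `git push origin master:codeql`. Two things to check in practice: the code-scanning alerts page defaults to the repository's default branch, so alerts produced by this workflow have to be viewed with the branch filter set to `codeql`; and because the workflow is not tied to pull requests, a branch-protection rule cannot block a merge on its result, which is the intended trade-off of the approach discussed here.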

Looks good to me.

I'm merging

GaelVaroquaux avatar Sep 14 '22 08:09 GaelVaroquaux