
Add CodeQL config

Open kanwalpreetd opened this issue 1 year ago • 0 comments

Description

Added GitHub workflow for running security code scans through CodeQL.

The scan results will be visible under the Security tab, once a scan is complete.

I am thinking we could run the analysis job periodically (once every Sunday) on master, but can also provide the ability to trigger it manually (as per the current config). It takes around 3-4 hours to run since CodeQL needs a fresh build to perform the analysis.

The scan as per the current config will be performed on 4 builds with gcc and clang for the current and next protocol versions. This PR won't run the scan until merged (since the workflow config specifies it can only run on master once merged), but a preview of the scan job can be seen here in a fork

Checklist

  • [ ] Reviewed the contributing document
  • [ ] Rebased on top of master (no merge commits)
  • [ ] Ran clang-format v8.0.0 (via make format or the Visual Studio extension)
  • [ ] Compiles
  • [ ] Ran all tests
  • [ ] If change impacts performance, include supporting evidence per the performance document

kanwalpreetd avatar May 09 '24 23:05 kanwalpreetd
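The workflow shape the PR describes (a weekly scheduled run on master plus a manual trigger, a 2x2 matrix of gcc/clang against the current and next protocol versions, with CodeQL observing a fresh build), written out as an added example. This is not the PR's own workflow file or any stellar-core file: the cron time, the `security-extended` query suite, the submodule checkout, the `autogen.sh`/`configure`/`make` build steps and the `--enable-next-protocol-version-placeholder` configure flag are assumptions or placeholders for illustration.

```yaml
# Added example of a CodeQL workflow shaped like the one the PR describes.
# Not the stellar-core workflow itself; triggers, matrix values and build
# commands below are assumptions chosen for illustration.
name: CodeQL

on:
  workflow_dispatch:           # manual trigger, as the PR's current config allows
  schedule:
    - cron: "0 6 * * 0"        # proposed weekly run: Sundays at 06:00 UTC (assumed time)
  push:
    branches: [master]         # only master is scanned, and only once merged

# Least privilege: the job needs security-events: write to upload results to
# the Security tab, and only read access to the repository contents.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: CodeQL (${{ matrix.compiler }}, ${{ matrix.protocol }} protocol)
    runs-on: ubuntu-latest
    timeout-minutes: 300       # the PR reports 3-4 hours per full build
    strategy:
      fail-fast: false         # a failure in one build must not cancel the other three
      matrix:
        compiler: [gcc, clang]
        protocol: [current, next]   # 2 x 2 = the 4 builds the PR mentions
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive     # assumption: vendored dependencies live in submodules

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp            # stellar-core is a C++ code base
          queries: security-extended   # assumption: broader security suite than the default

      # CodeQL for C/C++ extracts from a real compilation, so the build must run
      # between init and analyze. The "next" protocol configure flag is a
      # hypothetical placeholder, not the project's actual flag.
      - name: Build
        env:
          CC: ${{ matrix.compiler }}
          CXX: ${{ matrix.compiler == 'gcc' && 'g++' || 'clang++' }}
        run: |
          ./autogen.sh
          if [ "${{ matrix.protocol }}" = "next" ]; then
            ./configure --enable-next-protocol-version-placeholder   # hypothetical flag
          else
            ./configure
          fi
          make -j"$(nproc)"

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          # Distinct category per matrix cell so the four SARIF uploads for the
          # same commit are kept apart instead of overwriting each other.
          category: "/compiler:${{ matrix.compiler }}/protocol:${{ matrix.protocol }}"
```

Two details matter when reviewing a config like this: the `permissions` block grants only what the upload needs, and the `category` input on the analyze step keeps the four matrix results separate in the Security tab; without it, uploads from the same commit replace one another and only the last build's findings are visible.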