
Create codeql-analysis.yml

Open jukie opened this issue 2 years ago • 2 comments

Adds code scanning for vulnerabilities like the ones discovered by a user in #254

jukie avatar Jun 29 '22 05:06 jukie

  1. Should we exclude non-Golang paths to avoid unnecessary scans of pull requests? Like e.g. in this PR CodeQL sort of blocks this PR whereas this PR has nothing to do with the alerted file.
  2. Also is there an option for CodeQL to ignore some code lines, blocks and snippets? I was able to only find how to ignore files, but couldn't find an option for inline comments to disable check for specific fragments of code 🤷🏻 Like for when we do want or need some flagged code block to remain as is.

yermulnik avatar Jun 29 '22 10:06 yermulnik

Yeah I need to clean this up @yermulnik, converting to draft

jukie avatar Jun 29 '22 15:06 jukie

I rebased and updated the codeql definition. Maybe we should go forward with this?

MatrixCrawler avatar Apr 08 '24 09:04 MatrixCrawler

Maybe we should go forward with this?

I'm fine with this going forward. @jukie seems to have been inactive for some time 😢, so we may need to proceed on our own.

yermulnik avatar Apr 08 '24 12:04 yermulnik

Thanks @yermulnik! Looks like a lot of activity here, I'll start getting involved again

jukie avatar Apr 08 '24 12:04 jukie

Thanks @yermulnik! Looks like a lot of activity here, I'll start getting involved again

Yay, that's great 🥳

yermulnik avatar Apr 08 '24 12:04 yermulnik