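name: "CodeQL analysis"

on:
  pull_request:
  push:
    branches: [main]
  schedule:
    - cron: "30 1 * * 0"  # Weekly scan (Sunday 01:30 UTC)

jobs:
  codeql-analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    # Least-privilege token for this job: read the repo, write code-scanning
    # results, nothing else. Keep the block job-scoped rather than widening
    # it at workflow level.
    permissions:
      actions: read
      contents: read
      security-events: write  # Needed for uploading SARIF
    strategy:
      fail-fast: false
      matrix:
        language: ["python"]
        build-mode: ["none"]  # Use manual here if needed
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        # NOTE(review): the action ref was mangled in the source ("[email protected]");
        # restore the intended pinned ref. Prefer a full-length commit SHA over a
        # mutable tag so a moved or compromised tag cannot change what runs here.
        uses: github/codeql-action/init@CODEQL_ACTION_REF_PLACEHOLDER
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # config-file: .github/codeql-config.yaml # If using custom queries
      # If you need a manual build, add your build steps here
      - name: Perform CodeQL Analysis
        # NOTE(review): same mangled ref as the init step; pin both to the same
        # codeql-action release so init and analyze stay in lockstep.
        uses: github/codeql-action/analyze@CODEQL_ACTION_REF_PLACEHOLDER
        with:
          category: "/language:${{ matrix.language }}"
      # SARIF reports are uploaded automatically by the 'analyze' step.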