add CodeQL Github Action #9252

Open
wants to merge 1 commit into
base: develop

Contributor

@carlsonp carlsonp commented Jan 3, 2023

What this PR does / why we need it:

This adds a GitHub Action for CodeQL. It integrates well since it's from GitHub. It helps in checking for security vulnerabilities.

Will be a no-op for code and documentation.

Which issue(s) this PR closes:

Special notes for your reviewer:

Suggestions on how to test this:

Does this PR introduce a user interface change? If mockups are available, please link/include them here:

Is there a release notes update needed for this change?:

Additional documentation:

@pdurbin pdurbin added the Size: 10 A percentage of a sprint. 7 hours. label Feb 28, 2024
@scolapasta
Contributor

If you are still interested in this PR, can you please merge and resolve any merge conflicts with the latest from develop? If so, we can prioritize reviewing and QAing the changes. If we don’t hear from you by May 22, 2024, we’ll go ahead and close this PR (it can always be reopened after that date, if there is still interest).

@carlsonp
Contributor Author

Rebased onto develop branch

@bencomp
Contributor

bencomp commented Jul 25, 2024

Hooray for code quality tools integration! I hope this PR will be merged, and/or #9847. (I'm not really involved, but have been a proponent of cleaning up the code base for years.)

However, https://github.com/IQSS/dataverse/actions/runs/8842621992 says that the autobuild failed and to update the used actions. Could you have a look at the suggestions?

@pdurbin pdurbin added the Type: Feature a feature request label Oct 9, 2024
@cmbz

cmbz commented Nov 18, 2024

2024/11/18: @ofahimIQSS please review and decide how we can move it forward. Thanks!

@ofahimIQSS
Contributor

I’m currently researching the potential benefits of integrating CodeQL into our GitHub Actions workflow. CodeQL is a robust security and code analysis tool designed to identify vulnerabilities and maintain high-quality code standards.

Over the next few weeks, I’ll analyze how CodeQL compares to other similar tools, evaluating its impact on our development process, code quality, and overall team efficiency.

6 participants