Add CodeQL analysis workflow for security scanning #652
Conversation
Ytemiloluwa
requested review from
nachoBonafonte,
bryce-b and
vvydier
as code owners
|
It failed to run |
Ytemiloluwa
force-pushed
the
codeql-scan-workflow
branch
from
6968948 to
a24ecda
Compare
I made an update, but the workflow needs approval. |
|
Yhe CodeQL analysis still fails tu run properly |
The error has been fixed. all should be good now |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
Hi maintainers, @nachoBonafonte @bryce-b @vvydier I've implemented the CodeQL security scanning workflow as requested in issue #565. The CodeQL workflow is now:
The CodeQL bot has confirmed successful setup of code scanning, indicating that security analysis results will be available in the Security tab once merged. Note: I notice the Build and Test workflow is failing, but this appears unrelated to the CodeQL workflow changes since I only modified the CodeQL analysis file. Please review when you have a chance. Let me know if you'd like any adjustments to the CodeQL configuration. |
This PR adds a GitHub Actions workflow for running CodeQL analysis on the codebase to identify security vulnerabilities. The workflow is configured to automatically run on every push to the main branch and on pull requests targeting the main branch. It leverages the
github/codeql-actionto scan the repository for potential security issues in the Swift code.Closes #565
Changes made: