Merge pull request #10843 from ahpaleus/features/add_codeql_to_sdlc

[Feature] Adds CodeQL to the SDLC process
2025-02-02 08:21:09 -08:00 · 2022-03-29 12:07:44 +01:00 · 2022-03-29 12:07:44 +01:00 · 80dff41c00
parent b5f3a357e2 d53750d389
commit 80dff41c00
2 changed files with 39 additions and 0 deletions
--- a/.github/workflows/SA-codeql.yml
+++ b/.github/workflows/SA-codeql.yml
@ -0,0 +1,39 @@
+# This workflow checks out code, performs a CodeQL analysis (for JavaScript) and integrates the results
+# with the GitHub Advanced Security code scanning feature.
+# More information: https://codeql.github.com/
+name: CodeQL Security Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+#   schedule:
+#     - cron: '15 17 * * 1'
+
+jobs:
+  analyze:
+    name: CodeQL Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/public/js/plugins/chartjs/Chart.bundle.js
+++ b/public/js/plugins/chartjs/Chart.bundle.js