Fix #175, CodeQL Action Workflow #165
Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL?
@astrogeco CodeQL results will be found in the code scanning alerts section of the security tab. The configuration file for CodeQL is the codeql-build-cfs.yml file.
Cool! I couldn't access your link but I was able to see the list at
For the configuration file, I meant something like this: https://github.com/github/codeql-action#configuration-file so we can specify which vulnerabilities to look for.
Opened #175. Please update commit format and PR title to reflect that this PR closes that issue.
@astrogeco Completed.
Looks fine to me, but I haven't used CodeQL.
CodeQL is the engine behind LGTM so we're technically using it.
@ArielSAdamsNASA can you add a screenshot of what the code report looks like? It might be useful for the CCB.
CCB:2021-01-21 APPROVED
Fix nasa#60, rework loop in CF_CFDP_CycleTx
Describe the contribution
Fix #175
Implemented CodeQL Action as a workflow to automatically detect common vulnerabilities and coding errors.
Expected behavior changes
Results should be displayed in the Security tab under Code Scanning Alerts. The workflow is triggered when code is pushed to any branch in a repository and during pull request events.
Additional context
For more information visit: https://github.com/github/codeql-action
Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal
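
The trigger behaviour described above and the configuration file asked about in the conversation, as an added example. This is not the project's codeql-build-cfs.yml; the file paths, workflow name, action versions, query suite choice and the use of autobuild are assumptions.

```yaml
# File 1 (hypothetical path): .github/workflows/codeql-example.yml
name: CodeQL analysis (example)

on:
  push:          # no branch filter, so pushes to any branch trigger the workflow
  pull_request:  # also runs on pull request events

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload results to Code Scanning Alerts
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp
          # Points at the configuration file below, which selects the queries to run
          config-file: ./.github/codeql/codeql-config.yml

      # Assumption: the default build is detectable by autobuild. A project with
      # its own build procedure replaces this step with explicit build commands.
      - name: Build
        uses: github/codeql-action/autobuild@v3

      - name: Analyze and upload results
        uses: github/codeql-action/analyze@v3
---
# File 2 (hypothetical path): .github/codeql/codeql-config.yml
name: Example CodeQL configuration
queries:
  # Built-in suite: security queries plus maintainability and reliability queries.
  # Use security-extended instead to limit the results to security findings.
  - uses: security-and-quality
```

The two YAML documents are separate files in a repository; they are shown in one block only for readability.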