Skip to content
This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Add security workflow (2/2): CodeQL scan #46

Closed
wants to merge 1 commit into from

Conversation

kxyr
Copy link

@kxyr kxyr commented May 20, 2021

Motivation

Follow up to PR #45 and issue open-telemetry/oteps#144

CodeQL is GitHub's static analysis engine which scans repos for security vulnerabilities. As the project grows and we near GA it might be useful to have a workflow which checks for security vulnerabilities with every PR so we can ensure every incremental change is following best development practices. Also passing basic security checks will also make sure that there aren't any glaring issues for our users.

Changes

This PR adds CodeQL security checks to the repo

  • After every run the workflow uploads the results to GitHub. Details on the run and security alerts will show up in the security tab of this repo.

Workflow Triggers

  • on commit to main (to match what is being done in the Collector repo)
  • workflow_dispatch (in case maintainers want to trigger a security check manually)

cc- @alolita

@kxyr kxyr requested review from a team May 20, 2021 21:29
@kxyr
Copy link
Author

kxyr commented May 21, 2021

Closing this as CodeQL is already part of the CI workflow here

@kxyr kxyr closed this May 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants