Add CodeQL security scan workflow

[kpj2006]

Addressed Issues:

Fixes #(issue number)

Screenshots/Recordings:

Additional Notes:

Checklist

• My code follows the project's code style and conventions
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have joined the Discord server and I will share a link to this PR with the project maintainers there
• I have read the Contributing Guidelines

⚠️ AI Notice - Important!

We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact.

Summary by CodeRabbit

• Chores
  • Implemented automated analysis workflow that processes code across multiple programming languages
  • Added repository configuration for proper file type detection in GitHub language statistics

[coderabbitai]

Warning

Rate limit exceeded

@kpj2006 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 31 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0a9ab890-cd29-45c1-83fa-9adf1372331c

📥 Commits

Reviewing files that changed from the base of the PR and between 5d4fb69 and 084fe07.

📒 Files selected for processing (1)

• .github/workflows/codeql.yml

Walkthrough

This pull request adds CodeQL security scanning automation to the repository. It introduces a .gitattributes file to configure GitHub Actions workflow YAML file metadata, and a new .github/workflows/codeql.yml workflow that detects repository languages and performs automated security analysis.

Changes

Cohort / File(s)	Summary
Git Configuration .gitattributes	Marks GitHub Actions workflow YAML files as linguist-detectable and excludes them from vendored detection.
CodeQL Workflow .github/workflows/codeql.yml	New GitHub Actions workflow that creates a language detection matrix and runs CodeQL security analysis with conditional setup of language-specific runtimes (Node, Python, Java) and build tools.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• Zahnentferner

Poem

🐰 A rabbit hops through code with care,
CodeQL scanning fills the air,
With workflows bright and languages galore,
Security checks we now explore! 🔍✨

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately and clearly summarizes the main change: adding a CodeQL security scan workflow, which is the primary focus of the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/codeql.yml:
- Around line 104-140: YAMLlint reports `empty-lines` errors around the CodeQL
and manual build steps; remove the stray blank lines in the workflow so there
are no consecutive empty lines around the "Initialize CodeQL" step and the
"Build Java (Gradle)" and "Build Java (Maven)" job entries (these are the steps
named "Initialize CodeQL", "Build Java (Gradle)" and "Build Java (Maven)" in the
diff) — ensure single blank lines separate top-level blocks and the YAML
sequence items are contiguous to satisfy the empty-lines rule.
- Around line 33-38: The workflow currently uses a floating tag for the step
with id "set-matrix" (uses: advanced-security/set-codeql-language-matrix@v1);
replace the mutable tag with the exact commit SHA of that action repository
(uses: advanced-security/set-codeql-language-matrix@<full-commit-sha>) so the
workflow is pinned to an immutable commit—fetch the desired commit SHA from the
action repo (or its release commit) and update the "uses" value accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: ea9183e2-e3fb-4ef0-806c-4bb609374b84

📥 Commits

Reviewing files that changed from the base of the PR and between bcc461b and 5d4fb69.

📒 Files selected for processing (2)

• .gitattributes
• .github/workflows/codeql.yml