(GH-570) Add GitHub Action scanning workflows #571
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
This looks awesome! I just wonder if we should work on some of the issues, or whether we can/should add some exceptions for the hits.
Probably need to review them and figure out which ones are actionable and which ones may not be relevant.
LGTM, just one question on the cron schedule ... (I don't get it 😄 )
=> so those workflows have two triggers, on push and also by schedule, but wouldn't it be easier to grasp if we used cron expressions such as "@Weekly" etc.?
They were just the default values created by the GitHub templates, but yeah, that sounds like a better idea.
But unfortunately GitHub Actions don't support that: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule. I will tweak the schedules though.
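For reference, here is an added example (not the PR's own workflow file) of the "push plus schedule" trigger pair discussed above, written in the 5-field cron form GitHub accepts; the file name, the `main` branch, and the `javascript` language matrix are assumptions, and the `permissions` block restricts the job to what CodeQL needs.

```yaml
# Added example, not the file from this PR. Assumes a default branch named
# "main" and a repository containing JavaScript to analyse.
name: CodeQL

on:
  push:
    branches: [ main ]
  schedule:
    # GitHub Actions accepts only the 5-field POSIX cron syntax here; the
    # shorthand forms (@weekly, @daily, etc.) are rejected. This expression
    # is the "weekly" equivalent: every Monday at 03:00 UTC.
    - cron: '0 3 * * 1'

# Least privilege for the scanning job: read the source, upload SARIF
# results to the Security tab, nothing else.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumption; set to the repo's languages
      - uses: github/codeql-action/analyze@v3
```

Scheduled runs also catch newly published queries against code that has not changed since the last push, which is why the template keeps both triggers.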
- Add PSScriptAnalyzer workflow
- Add Codacy workflow
- Add DevSkim workflow
- Add CodeQL workflow

Implements chocolatey#570
Description Of Changes
Add GitHub Action workflows that run security and static analysis
Motivation and Context
Strengthen security checking and reduce risk of introducing vulnerabilities
Testing
Tested in my repo
Change Types Made
Change Checklist
Related Issue
Fixes #570