From 97a51c6202270f0dcb87622b8ac9008e5079fdb4 Mon Sep 17 00:00:00 2001 From: ganeshkumarsv <53483484+ganeshkumarsv@users.noreply.github.com> Date: Tue, 19 Jul 2022 14:49:31 +0530 Subject: [PATCH] Setup Code Scanning on browser-sdk (#1640) * Setup Code Scanning on browser-sdk * restrict scan to production code * remove comments * simplify configuration Co-authored-by: Bastien Caudan
---
 .github/codeql-config.yml | 10 +++++++++ .github/workflows/codeql-analysis.yml | 29 +++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 .github/codeql-config.yml create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
new file mode 100644
index 0000000000..72bfb84af3
--- /dev/null
+++ b/.github/codeql-config.yml
@@ -0,0 +1,10 @@
+name: 'CodeQL config'
+
+paths:
+ - packages/core/src
+ - packages/logs/src
+ - packages/rum/src
+ - packages/rum-core/src
+ - packages/rum-slim/src
+paths-ignore:
+ - '**/*.spec.ts'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000000..ce48dc2cd7
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,29 @@
+name: 'CodeQL'
+
+on:
+ push:
+ branches: ['main']
+ pull_request:
+ branches: ['main']
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: javascript
+ config-file: .github/codeql-config.yml
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
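Review bot: In `.github/codeql-config.yml` the `paths:` list is an explicit allowlist of five package `src` directories, so a package added later is silently left out of code scanning until someone remembers to list it here. Nothing in the file says so, and a green CodeQL check will look the same either way. I would add a comment above `paths:` such as `# Allowlist: code scanning covers only these directories; add the src directory of any new production package here.` It may also be worth confirming that `'**/*.spec.ts'` is the only test-file naming pattern under these directories, since that cannot be seen from this patch.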
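Review bot: In `.github/workflows/codeql-analysis.yml` the three `uses:` lines reference mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`), so the code executed in this job, which holds `security-events: write`, can change without any commit in this repository. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes every update an explicit, reviewable change. Separately, `on:` has no `schedule:` trigger, so `main` is re-analyzed only when something is pushed. If that was not a deliberate part of the simplification, a weekly cron entry would let results from updated analysis tooling appear even when the branch is quiet.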