Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #175, CodeQL Action Workflow #165

Merged
merged 1 commit into from
Jan 27, 2021
Merged

Fix #175, CodeQL Action Workflow #165

merged 1 commit into from
Jan 27, 2021

Conversation

ArielSAdamsNASA
Copy link
Contributor

@ArielSAdamsNASA ArielSAdamsNASA commented Dec 21, 2020

Describe the contribution
Fix #175
Implemented CodeQL Action as a workflow to automatically detect common vulnerabilities and coding errors.

Expected behavior changes
Results should be displayed in the Security tab under Code Scanning Alerts. The workflow is triggered when code is pushed to any branch in a repository and during pull request events.
image

Additional context
For more information visit: https://github.com/github/codeql-action

Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal

@astrogeco
Copy link
Contributor

astrogeco commented Jan 4, 2021

Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL?

@ArielSAdamsNASA
Copy link
Contributor Author

ArielSAdamsNASA commented Jan 4, 2021

Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL?

@astrogeco CodeQL results will be found in the code scanning alerts section of the security tab. The configuration file for CodeQL is the codeql-build-cfs.yml file.

@astrogeco
Copy link
Contributor

Cool!

I couldn't access your link but I was able to see the list at
https://github.com/nasa/cFS/security/code-scanning?query=ref%3Arefs%2Fpull%2F165%2Fmerge

@astrogeco
Copy link
Contributor

For the configuration file, I meant something like this: https://github.com/github/codeql-action#configuration-file so we can specify which vulnerabilities to look for.

@ArielSAdamsNASA ArielSAdamsNASA added the CCB:Ignore Pull Request is NOT ready for discussion. Has open actions. Will be re-examined at by next CCB. label Jan 5, 2021
@astrogeco astrogeco added CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) and removed CCB:Ignore Pull Request is NOT ready for discussion. Has open actions. Will be re-examined at by next CCB. labels Jan 14, 2021
@astrogeco
Copy link
Contributor

Opened #175. Please Update commit format and PR title to reflect that this PR closes that issue.

@ArielSAdamsNASA ArielSAdamsNASA changed the title CodeQL Action Workflow Fix #175 CodeQL Action Workflow Jan 14, 2021
@ArielSAdamsNASA
Copy link
Contributor Author

Opened #175. Please Update commit format and PR title to reflect that this PR closes that issue.

@astrogeco Completed.

Copy link
Contributor

@skliper skliper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me, but I haven't used CodeQL.

@astrogeco
Copy link
Contributor

Looks fine to me, but I haven't used CodeQL.

CodeQL is the engine behind LGTM so we're technically using it.

@astrogeco astrogeco changed the title Fix #175 CodeQL Action Workflow Fix #175, CodeQL Action Workflow Jan 14, 2021
@astrogeco
Copy link
Contributor

@ArielSAdamsNASA can you add a screenshot of what the code report looks like. It might be useful for the CCB

@astrogeco
Copy link
Contributor

CCB:2021-01-21 APPROVED

@astrogeco astrogeco added IC:2021-01-19 and removed CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) CCB:2021-01-21 labels Jan 25, 2021
@astrogeco astrogeco changed the base branch from main to integration-candidate January 27, 2021 04:39
@astrogeco astrogeco merged commit 2dfbdd1 into nasa:integration-candidate Jan 27, 2021
chillfig pushed a commit to chillfig/cFS that referenced this pull request Mar 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add GitHub Actions CodeQL Workflow
4 participants