-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #175, CodeQL Action Workflow #165
Conversation
Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL? |
@astrogeco CodeQL results will be found in the code scanning alerts section of the security tab. The configuration file for CodeQL is the codeql-build-cfs.yml file. |
Cool! I couldn't access your link but I was able to see the list at |
For the configuration file, I meant something like this: https://github.com/github/codeql-action#configuration-file so we can specify which vulnerabilities to look for. |
Opened #175. Please Update commit format and PR title to reflect that this PR closes that issue. |
@astrogeco Completed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me, but I haven't used CodeQL.
CodeQL is the engine behind LGTM so we're technically using it. |
@ArielSAdamsNASA can you add a screenshot of what the code report looks like. It might be useful for the CCB |
CCB:2021-01-21 APPROVED |
Fix nasa#60, rework loop in CF_CFDP_CycleTx
Describe the contribution
Fix #175
Implemented CodeQL Action as a workflow to automatically detect common vulnerabilities and coding errors.
Expected behavior changes
Results should be displayed in the Security tab under Code Scanning Alerts. The workflow is triggered when code is pushed to any branch in a repository and during pull request events.
Additional context
For more information visit: https://github.com/github/codeql-action
Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal