CodeQL scan #76

Workflow file for this run

	name: "CodeQL scan"

	on:
	schedule:
	- cron: "0 0 * * *"
	push:
	branches: [ "main", "releases/**" ]
	pull_request:
	branches: ["main", "releases/**"]

	permissions: {}

	jobs:
	CodeQL:
	name: Analyze (${{ matrix.language }})
	runs-on: ubuntu-24.04
	permissions:
	# required for all workflows
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	include:
	- language: python
	build-mode: none
	- language: actions # to scan workflows
	build-mode: none
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
	with:
	languages: ${{ matrix.language }}
	build-mode: ${{ matrix.build-mode }}

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
	with:
	category: "/language:${{matrix.language}}"

	- name: Generate CodeQL Report
	uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	template: report
	outputDir: codeql-${{ matrix.language }}

	- name: Rename Report
	shell: bash
	continue-on-error: true
	run: \|
	cd codeql-${{ matrix.language }}
	mv "report.pdf" "codeql-${{ matrix.language }}.pdf"

	- name: Upload Report
	uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
	with:
	name: codeql-${{ matrix.language }}-results
	path: codeql-${{ matrix.language }}/*.pdf
	retention-days: 7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CodeQL scan #76

Workflow file

CodeQL scan #76

Jobs

Run details

Workflow file for this run