https://github.com/advanced-security/config
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/advanced-security/config
- Owner: advanced-security
- License: apache-2.0
- Created: 2022-08-17T07:50:11.000Z (over 2 years ago)
- Default Branch: true
- Last Pushed: 2022-08-17T09:46:26.000Z (over 2 years ago)
- Last Synced: 2025-01-10T00:15:21.727Z (4 months ago)
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
This allows one to disable Code Scanning's default query set without having to create a separate configuration file. One can add this to one's Code Scanning workflow file as follows:
```yaml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '36 3 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'java', 'javascript' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # the following line will disable the default queries
          # (remote config reference in the form owner/repo/path@ref; "true" is this repository's default branch)
          config-file: advanced-security/config/disable-default-queries@true
          # one can now run one's own queries / suites / query packs:
          packs: >
            ghas-trials/${{ matrix.language }}-queries:codeql-suites/${{ matrix.language }}-security-all.qls,
            ghas-trials/${{ matrix.language }}-queries:codeql-suites/${{ matrix.language }}-security-experimental.qls

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```