Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup Codeql workflow #7614

Closed
wants to merge 1 commit into from
Closed

setup Codeql workflow #7614

wants to merge 1 commit into from

Conversation

mmorel-35
Copy link
Contributor

@mmorel-35 mmorel-35 commented Apr 2, 2024
edited
Loading

Please add a summary of your change

  • setup Codeql workflow to help identify vulnerabilities.

Does your change fix a particular issue?

  • Potentially unsafe external link
  • Incorrect conversion between integer types

Please indicate you've done the following:

  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Created a changelog file or added /kind changelog-not-required as a comment on this pull request.
  • Updated the corresponding documentation in site/content/docs/main.

@github-actions github-actions bot added the Website non-docs changes for the website label Apr 2, 2024
@github-actions github-actions bot added the kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes label Apr 2, 2024
@codecov Codecov
Copy link

codecov bot commented Apr 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.

Project coverage is 58.66%. Comparing base (f7c0244) to head (e8c46fd).
Report is 294 commits behind head on main.

Files with missing lines Patch % Lines
pkg/plugin/framework/common/server_errors.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7614   +/-   ##
=======================================
  Coverage   58.66%   58.66%           
=======================================
  Files         344      344           
  Lines       28731    28731           
=======================================
  Hits        16854    16854           
  Misses      10448    10448           
  Partials     1429     1429

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@mmorel-35
setup codeQL workflow
e8c46fd 
Signed-off-by: Matthieu MOREL <[email protected]>
@blackpiglet
Copy link
Contributor

I'm trying to understand the benefit of this PR.
To me, this PR enables the CodeQL scanning on the PR.

Velero repository already enabled the CodeQL scanning per week. I don't know whether they do the same job.
截屏2024-06-07 16 30 29

@mmorel-35
Copy link
Contributor Author

This explicit the configuration and allows customization

@mmorel-35
Copy link
Contributor Author

Hi @blackpiglet ,

Just another reason to define the workflow instead of using github config, this make the workflow visible by Velero's clients and also to OpenSSF, see https://securityscorecards.dev/viewer/?uri=github.com/vmware-tanzu/velero . On SAST section, it doesn't know that you are actually using CodeQL

@mmorel-35 mmorel-35 closed this by deleting the head repository Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaovilai kaovilai kaovilai approved these changes

@Lyndon-Li Lyndon-Li Awaiting requested review from Lyndon-Li

@sseago sseago Awaiting requested review from sseago

Assignees

@mmorel-35 mmorel-35

Labels
kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes Website non-docs changes for the website
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mmorel-35 @blackpiglet @kaovilai