Skip to content

Add Actions to CodeQL workflow #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 9, 2025
Merged

Add Actions to CodeQL workflow #152

merged 1 commit into from
Oct 9, 2025

Conversation

@ncalteen
Copy link
Contributor

@ncalteen ncalteen commented Oct 9, 2025

No description provided.

@ncalteen ncalteen self-assigned this Oct 9, 2025
@ncalteen ncalteen requested a review from a team as a code owner October 9, 2025 21:37
Copilot AI review requested due to automatic review settings October 9, 2025 21:37
Copilot AI reviewed Oct 9, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds Actions language support to the CodeQL workflow configuration to enable security scanning of GitHub Actions workflows.

  • Added "actions" to the language matrix in the CodeQL workflow

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@github-advanced-security
Copy link

github-advanced-security bot commented Oct 9, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions
Copy link

github-actions bot commented Oct 9, 2025

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 6 0 0 0.05s
✅ JSON jsonlint 11 0 0 0.16s
✅ JSON npm-package-json-lint yes no no 0.78s
✅ JSON prettier 11 0 0 1.09s
✅ JSON v8r 11 0 0 8.92s
✅ MARKDOWN markdownlint 1 0 0 0.86s
✅ REPOSITORY gitleaks yes no no 1.16s
✅ REPOSITORY git_diff yes no no 0.08s
✅ REPOSITORY grype yes no no 36.98s
✅ REPOSITORY secretlint yes no no 1.38s
✅ REPOSITORY syft yes no no 7.64s
✅ REPOSITORY trivy-sbom yes no no 4.12s
✅ REPOSITORY trufflehog yes no no 21.06s
✅ TYPESCRIPT prettier 30 0 0 1.97s
✅ YAML prettier 18 0 0 1.11s
✅ YAML v8r 18 0 0 9.62s
✅ YAML yamllint 18 0 0 0.77s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@ncalteen ncalteen merged commit 971139f into main Oct 9, 2025
6 checks passed
@ncalteen ncalteen deleted the ncalteen/codeql-actions branch October 9, 2025 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@ncalteen ncalteen

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ncalteen