Create codeql-analysis.yml #3314

Merged
merged 3 commits into from
Sep 2, 2021

jenshnielsen
Collaborator

GitHub recommends CodeQL for security testing. This just proposes to merge their default workflow.

codecov bot commented Aug 30, 2021

Codecov Report

Merging #3314 (d84d9bd) into master (5262fdf) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #3314   +/-   ##
=======================================
  Coverage   66.20%   66.20%           
=======================================
  Files         220      220           
  Lines       29250    29250           
=======================================
  Hits        19365    19365           
  Misses       9885     9885           

astafan8
astafan8 previously approved these changes Aug 30, 2021
@astafan8 astafan8 dismissed their stale review August 31, 2021 09:00

too early

@trevormorgan
Contributor

Why does GitHub recommend doing this?

@jenshnielsen
Collaborator Author

It is recommended by https://github.com/QCoDeS/Qcodes/security/code-scanning. It's supposed to scan for security vulnerabilities, but I am not sure how effective it is for Python.

@trevormorgan
Contributor

> It is recommended by https://github.com/QCoDeS/Qcodes/security/code-scanning. It's supposed to scan for security vulnerabilities, but I am not sure how effective it is for Python.

Interesting, if it is effective it could be worth the extra build time, or maybe this is an action that should be performed weekly?

@jenshnielsen jenshnielsen force-pushed the enable-codeql branch 2 times, most recently from c61bab3 to 6c431d2 Compare September 2, 2021 08:46
@jenshnielsen
Collaborator Author

@trevormorgan @astafan8 I rebased this, removed the comments and changed it to only run once a week. Let's try to enable it and see if it is useful.

Contributor

@astafan8 astafan8 left a comment

indeed, let's give it a try weekly

@jenshnielsen jenshnielsen merged commit ed825e6 into master Sep 2, 2021
@jenshnielsen jenshnielsen deleted the enable-codeql branch December 20, 2021 14:41