ci: add CodeQl (SAST) #84

Phillip9587 · 2025-02-19T21:34:32Z

CodeQL Code Scanning was added to Express so I think it would be good to add it here as well. It also improves the scorecard score of this repo: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/pillarjs/finalhandler

Related to: expressjs/security-wg#2

github-advanced-security · 2025-02-19T21:35:55Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Phillip9587 · 2025-03-05T17:49:25Z

@wesleytodd Can we merge this to improve our Scorecard Score?

ci: add CodeQl (SAST)

f108d37

Phillip9587 requested a review from bjohansebas February 19, 2025 21:35

bjohansebas approved these changes Feb 19, 2025

View reviewed changes

wesleytodd approved these changes Feb 20, 2025

View reviewed changes

UlisesGascon approved these changes Feb 20, 2025

View reviewed changes

wesleytodd merged commit fc3a65f into pillarjs:master Mar 5, 2025
12 checks passed

Phillip9587 deleted the codeql branch March 5, 2025 19:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: add CodeQl (SAST) #84

ci: add CodeQl (SAST) #84

Phillip9587 commented Feb 19, 2025

github-advanced-security bot commented Feb 19, 2025

Phillip9587 commented Mar 5, 2025

ci: add CodeQl (SAST) #84

ci: add CodeQl (SAST) #84

Conversation

Phillip9587 commented Feb 19, 2025

github-advanced-security bot commented Feb 19, 2025

Phillip9587 commented Mar 5, 2025