codeql.yml 1002 B

1234567891011121314151617181920212223242526272829303132333435363738394041424344
  1. name: "CodeQL"
  2. on:
  3. push:
  4. branches:
  5. - master
  6. - "!dependabot/**"
  7. pull_request:
  8. # The branches below must be a subset of the branches above
  9. branches:
  10. - master
  11. - "!dependabot/**"
  12. schedule:
  13. - cron: "0 0 * * 0"
  14. workflow_dispatch:
  15. jobs:
  16. analyze:
  17. name: Analyze
  18. runs-on: ubuntu-latest
  19. permissions:
  20. security-events: write
  21. steps:
  22. - name: Checkout repository
  23. uses: actions/checkout@v3
  24. with:
  25. persist-credentials: false
  26. # Initializes the CodeQL tools for scanning.
  27. - name: Initialize CodeQL
  28. uses: github/codeql-action/init@v2
  29. with:
  30. languages: "javascript"
  31. config-file: ./.github/codeql/codeql-config.yml
  32. queries: +security-and-quality
  33. - name: Autobuild
  34. uses: github/codeql-action/autobuild@v2
  35. - name: Perform CodeQL Analysis
  36. uses: github/codeql-action/analyze@v2
  37. with:
  38. category: "/language:javascript"