Enable CodeQL in this repo #538
Merged
Commits on Jul 17, 2023
-
Enable CodeQL in this repo (Azure#537)
CodeQL detects one C# file and four C files in this repository and wants to run analysis on them. This PR enables CodeQL analysis. For the C code, since CodeQL's autobuild can't figure out our Rust-based build, I added a custom pipeline. I adapted the YAML that GitHub generates for [advanced code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-manually). For C#, the single file in this repo is not production code--it's meant to be run inside an Azure Function during a test--so building it in the new pipeline isn't worth the effort. Instead, I changed the extension on the file. Hopefully CodeQL will pass over it.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.