Add codeql workflow (#5743)

Kramer0x0 · web-flow · commit 5306261e1383 · 2024-01-24T07:12:19.000+01:00
* Adding codeql workflow

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;

* Adding empty line

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;

* Adding empty line

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;

* Updating to format markdown table

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;

* Fixing formatting

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;

---------

Signed-off-by: Ryan West &lt;rwest2@apple.com&gt;
diff --git a/.github/workflows-doc.md b/.github/workflows-doc.md
@@ -19,6 +19,7 @@ test-build-deploy.yml specifies a workflow that runs all Cortex continuous integ
 | test                   | Runs units tests on Cassandra testing framework.                                                                              | CI   |
 | integration-configs-db | Integration tests for database configurations.                                                                                | CI   |
 | integration            | Runs integration tests after upgrading golang, pulling necessary docker images and downloading necessary module dependencies. | CI   |
+| Security/CodeQL        | CodeQL is a semantic code analysis engine used for automating security checks.                                                | CI   |
 | build                  | Builds and saves an up-to-date Cortex image and website.                                                                      | CI   |
 | deploy_website         | Deploys the latest version of Cortex website to gh-pages branch. Triggered within workflow.                                   | CD   |
 | deploy                 | Deploys the latest Cortex image.                                                                                              | CD   |
diff --git a/.github/workflows/test-build-deploy.yml b/.github/workflows/test-build-deploy.yml
@@ -56,6 +56,26 @@ jobs:
       - name: Run Tests
         run: make BUILD_IN_CONTAINER=false test
 
+  security:
+    name: CodeQL
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: go
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+
+  
   build:
     runs-on: ubuntu-20.04
     container:
