Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(GH-570) Add GitHub Action scanning workflows #571

Merged
merged 1 commit into from
Jul 5, 2024

Conversation

flcdrg
Copy link
Member

@flcdrg flcdrg commented Jun 29, 2024

Description Of Changes

Add GitHub Action workflows that run security and static analysis

  • Add PSScriptAnalyzer workflow
  • Add Codacy workflow
  • Add DevSkim workflow
  • Add CodeQL workflow

Motivation and Context

Strengthen security checking and reduce risk of introducing vulnerabilities

Testing

Tested in my repo

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

Fixes #570

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@flcdrg flcdrg changed the title (GH-570) Add GitHub Action workflow (GH-570) Add GitHub Action scanning workflows Jun 29, 2024
@mwallner
Copy link
Member

This looks awesome! .. I just wonder if we should work on some of the issues or we can/should add some exceptions for the hits.

@flcdrg
Copy link
Member Author

flcdrg commented Jun 30, 2024

Probably need to review them and figure out which ones are actionable and which ones may not be relevant.

@flcdrg flcdrg force-pushed the integration-tests branch from 71b36f6 to e63b215 Compare June 30, 2024 23:37
@flcdrg flcdrg requested a review from mwallner June 30, 2024 23:37
mwallner
mwallner previously approved these changes Jul 1, 2024
Copy link
Member

@mwallner mwallner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one question on the cron schedule ... (I don'get get it 😄 )
=> so those workflows got two triggers, on push and also by schedule, - but wouldn't it be easier to grasp if we did use cron-expressions such as "@Weekly" etc?

@flcdrg
Copy link
Member Author

flcdrg commented Jul 3, 2024

They were just the default values created by the GitHub templates, but yeah that sounds like a better idea

@flcdrg
Copy link
Member Author

flcdrg commented Jul 3, 2024

But unfortunately GitHub Actions don't support that - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

I will tweak the schedules though

- Add PSScriptAnalyzer workflow
- Add Codacy workflow
- Add DevSkim workflow
- Add CodeQL workflow

Implements chocolatey#570
@mwallner mwallner merged commit 678c86e into chocolatey:develop Jul 5, 2024
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Enable GitHub security and static analysis scanning
2 participants