
Set up CodeQL scans

Open • artem-smotrakov opened this issue 5 years ago • 1 comment

GitHub now offers static analysis scans for open-source projects. The scans are based on the CodeQL engine, which is also used on lgtm.com.

https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository

When enabled on pull requests, the scans help to prevent introducing multiple issues (including security ones).

This pull request adds a GitHub action that runs a scan for the master branch and pull requests.

artem-smotrakov, Oct 22 '20 13:10

Here is how the checks on pull requests are going to look:

https://github.com/artem-smotrakov/bc-java/pull/1

artem-smotrakov, Oct 22 '20 13:10