
Codeql SAST

Open naveensrinivasan opened this issue 3 years ago • 2 comments

Run codeql for SAST https://github.com/ossf/scorecard/blob/main/docs/checks.md#sast

naveensrinivasan avatar Mar 07 '22 18:03 naveensrinivasan

Sorry, I'm not familiar with that, what is it?

qustavo avatar Mar 09 '22 10:03 qustavo

CodeQL https://codeql.github.com is a static analysis tool by GitHub to identify vulnerabilities in the code. I am a maintainer of a few supply chain security projects.

Here is a list of issues Codeql found in kaniko https://github.com/GoogleContainerTools/kaniko/pull/1905/checks?check_run_id=5010209790 as an example.

This will help prevent vulnerabilities.

naveensrinivasan avatar Mar 09 '22 15:03 naveensrinivasan
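For reference, the way CodeQL is normally wired into a GitHub repository is a workflow file under `.github/workflows/` that runs the `github/codeql-action` on pushes, pull requests and a weekly schedule. The workflow below is an added example, not part of this issue or of mempool-cli itself; it assumes the project is written in Go, that the default branch is `main`, and that the file is saved as `.github/workflows/codeql.yml` (all three are assumptions). Results are uploaded to the repository's code-scanning alerts, which is what the Scorecard SAST check linked above looks for.

```yaml
# .github/workflows/codeql.yml  (assumed path; example workflow, not the project's own)
name: CodeQL

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'       # weekly run so new queries catch old code too

# Least privilege by default; the job grants only what the action needs.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read           # read workflow metadata
      contents: read          # check out the source
      security-events: write  # upload SARIF results to code scanning
    strategy:
      fail-fast: false
      matrix:
        language: [go]        # assumed: mempool-cli is a Go project

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Initializes the CodeQL database for the selected language(s).
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Autobuild works for Go without extra configuration; replace with
      # explicit build steps if the project needs custom build flags.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # Runs the default query suite and uploads findings as SARIF.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Once merged, findings appear under the repository's Security tab, and pull requests that introduce new alerts get an inline annotation on the diff. Pinning the action references to commit SHAs instead of `@v3`/`@v4` tags is a further hardening step that Scorecard's Pinned-Dependencies check also rewards.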