| name: "Code scanning - action" |
| |
| on: |
| push: |
| branches: |
| - develop |
| - master |
| - release/* |
| pull_request: |
| schedule: |
| - cron: '0 19 * * 1' |
| workflow_dispatch: |
| |
| concurrency: |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} |
| cancel-in-progress: true |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| CodeQL-Build: |
| |
| runs-on: ubuntu-latest |
| permissions: |
| security-events: write |
| |
| steps: |
| - name: Harden Runner |
| uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 |
| with: |
| egress-policy: audit |
| |
| - name: Checkout repository |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| with: |
| persist-credentials: false |
| |
| # Initializes the CodeQL tools for scanning. |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 |
| with: |
| languages: c-cpp |
| |
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
| # If this step fails, then you should remove it and run the build manually (see below) |
| - name: Autobuild |
| uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 |