# required to fetch internal or private CodeQL packs
24
+
packages: read
25
+
26
+
# only required for workflows in private repositories
27
+
actions: read
28
+
contents: read
29
+
30
+
strategy:
31
+
fail-fast: false
32
+
matrix:
33
+
include:
34
+
- language: java
35
+
build-mode: manual # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
36
+
37
+
steps:
38
+
- name: Checkout repository
39
+
uses: actions/checkout@v4
40
+
with:
41
+
fetch-depth: '0'
42
+
43
+
# Add any setup steps before running the `github/codeql-action/init` action.
44
+
# This includes steps like installing compilers or runtimes (`actions/setup-node`
45
+
# or others). This is typically only required for manual builds.
46
+
# - name: Setup runtime (example)
47
+
# uses: actions/setup-example@v1
48
+
49
+
# Initializes the CodeQL tools for scanning.
50
+
51
+
52
+
53
+
- name: Initialize CodeQL
54
+
uses: github/codeql-action/init@v3
55
+
with:
56
+
languages: java
57
+
# If you wish to specify custom queries, you can do so here or in a config file.
58
+
# By default, queries listed here will override any specified in a config file.
59
+
# Prefix the list here with "+" to use these queries and those in the config file.
60
+
61
+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
62
+
queries: security-extended,security-and-quality
63
+
64
+
- name: Set up JDK
65
+
uses: actions/setup-java@v4
66
+
with:
67
+
java-version: '11'# Specify the JDK version your project needs
68
+
distribution: 'temurin'
69
+
cache: maven
70
+
71
+
# If the analyze step fails for one of the languages you are analyzing with
72
+
# "We were unable to automatically build your code", modify the matrix above
73
+
# to set the build mode to "manual" for that language. Then modify this step
74
+
# to build your code.
75
+
# ℹ️ Command-line programs to run using the OS shell.
76
+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
77
+
- if: matrix.build-mode == 'manual'
78
+
shell: bash
79
+
run: |
80
+
mvn -B clean install -DskipTests
81
+
82
+
- name: Perform CodeQL Analysis
83
+
uses: github/codeql-action/analyze@v3
84
+
with:
85
+
category: "/language:${{matrix.language}}"
86
+
87
+
88
+
analyze-js:
89
+
name: Analyze Javascript
90
+
runs-on: ubuntu-latest
91
+
permissions:
92
+
# required for all workflows
93
+
security-events: write
94
+
95
+
# required to fetch internal or private CodeQL packs
96
+
packages: read
97
+
98
+
# only required for workflows in private repositories
99
+
actions: read
100
+
contents: read
101
+
102
+
strategy:
103
+
fail-fast: false
104
+
matrix:
105
+
include:
106
+
- language: javascript-typescript
107
+
build-mode: none
108
+
109
+
steps:
110
+
- name: Checkout repository
111
+
uses: actions/checkout@v4
112
+
113
+
# Add any setup steps before running the `github/codeql-action/init` action.
114
+
# This includes steps like installing compilers or runtimes (`actions/setup-node`
115
+
# or others). This is typically only required for manual builds.
116
+
# - name: Setup runtime (example)
117
+
# uses: actions/setup-example@v1
118
+
119
+
# Initializes the CodeQL tools for scanning.
120
+
121
+
- name: Initialize CodeQL
122
+
uses: github/codeql-action/init@v3
123
+
with:
124
+
languages: ${{ matrix.language }}
125
+
build-mode: ${{ matrix.build-mode }}
126
+
# If you wish to specify custom queries, you can do so here or in a config file.
127
+
# By default, queries listed here will override any specified in a config file.
128
+
# Prefix the list here with "+" to use these queries and those in the config file.
129
+
130
+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
131
+
queries: security-extended,security-and-quality
132
+
133
+
# If the analyze step fails for one of the languages you are analyzing with
134
+
# "We were unable to automatically build your code", modify the matrix above
135
+
# to set the build mode to "manual" for that language. Then modify this step
136
+
# to build your code.
137
+
# ℹ️ Command-line programs to run using the OS shell.
138
+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
139
+
- if: matrix.build-mode == 'manual'
140
+
shell: bash
141
+
run: |
142
+
echo 'If you are using a "manual" build mode for one or more of the' \
143
+
'languages you are analyzing, replace this with the commands to build' \