chore: introduce CodeQL scan #10725
Conversation
CodeQL scanning will replace the deprecated LGTM.
Codecov Report
Coverage Diff

| | main | #10725 | +/- |
|---|---|---|---|
| Coverage | 85.71% | 85.71% | |
| Files | 196 | 196 | |
| Lines | 18335 | 18335 | |
| Branches | 3900 | 3900 | |
| Hits | 15715 | 15715 | |
| Misses | 2544 | 2544 | |
| Partials | 76 | 76 | |
Nit: I would remove the comments unless you feel strongly about having those there
LGTM 👍🏻
Description of changes

LGTM will stop running for new commits and PRs on 11/30/2022 (blog post). This change is part of the effort to migrate the LGTM check to a CodeQL workflow.

After introducing this workflow, the vulnerability alerts can be checked on the Security tab of the repo. Here is the example in the forked repo. The docs folder is excluded from the scanning scope as it alone takes over 2 hrs to scan. We can set up a separate cron job to run scanning on the docs folder. This behavior corresponds to the current LGTM config. By default, the PR check would fail if a high or critical alert is detected. We can tune down the sensitivity to critical later if we find that most PRs are blocked by the code scanning config.
Issue #, if available
Description of how you validated changes
Validated the behavior in forked repo here.
Checklist

- `yarn test` passes

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
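The setup the description outlines, as an added example rather than the PR's own workflow file (which this page does not show): CodeQL runs on pushes and pull requests with the `docs` folder excluded, and a scheduled run covers the full tree including `docs`. The file paths, the `javascript` language setting, the `main` branch name and the cron schedule are assumptions. The "fail on high or critical" behaviour the description mentions is configured in the repository's code scanning settings, not in the workflow, so it does not appear here. The two files are shown as one multi-document YAML stream with a comment naming the assumed path of each.

```yaml
# Added example, not the project's workflow. Document 1 is assumed to live at
# .github/workflows/codeql.yml; document 2 at .github/codeql/codeql-config.yml.
name: CodeQL

on:
  push:
    branches: [main]          # branch name is an assumption
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 3 * * 0'       # weekly full scan (schedule is an assumption)

permissions:
  actions: read
  contents: read
  security-events: write      # required to upload results to the Security tab

jobs:
  # Push / PR scans: fast path that skips the docs folder via the config file.
  analyze:
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript                 # assumption: JS/TS codebase (yarn)
          config-file: ./.github/codeql/codeql-config.yml
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  # Scheduled scan: no config file, so paths-ignore does not apply and docs is
  # included. This is the "separate cron job" from the description.
  analyze-full:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL (full tree)
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

---
# Document 2: CodeQL configuration referenced by the push / PR job above.
name: "Skip docs on push and PR scans"

# paths-ignore limits what the extractor looks at for interpreted languages
# such as JavaScript; the slow docs folder is left out here only.
paths-ignore:
  - docs
```

Keeping the exclusion in the config file rather than in the workflow's `on.paths-ignore` matters: a trigger-level filter would skip the whole check when only `docs` changed, whereas the config-level filter still runs the check on every push and PR and merely narrows what is analysed. Alerts from either job land on the same Security tab, and the severity at which the PR check fails is adjusted in the repository's code scanning settings.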