verdnatura-mirror
/
strong-error-handler
mirror of https://github.com/loopbackio/strong-error-handler.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ci: fix Scorecard issues 

see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/7
see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/6
see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/5
see: https://github.com/loopbackio/security/issues/27
Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
This commit is contained in:
Rifa Achrinza 2023-11-09 16:50:19 +08:00 committed by Diana Lau
parent f3646fb3d5
commit b7de086111
1 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/workflows/codeql-analysis.yml vendored
View File

@ -1,4 +1,4 @@
name: "CodeQL"
name: CodeQL
on:
push:
@ -9,20 +9,33 @@ on:
schedule:
- cron: '0 13 * * 6'
permissions: {}
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
steps:
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
disable-sudo: true
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
with:
languages: 'javascript'
config-file: ./.github/codeql/codeql-config.yml
languages: javascript-typescript
config-file: .github/codeql/codeql-config.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5