sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.github: Add initial CodeQL config and workflow files

Browse Source 
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4115

Adds initial support for enabling CodeQL Code Scanning in this
repository per the RFC:

  https://github.com/tianocore/edk2/discussions/3258

Adds the following new files:
  - .github/workflows/codql-analysis.yml - The main GitHub workflow
    file used to setup CodeQL in the repo.
  - .github/codeql/codeql-config.yml - The main CodeQL configuration
    file used to customize the queries and other resources the repo
    is using for CodeQL.
  - edk2.qls - A query set of queries to run for CodeQL.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
This commit is contained in:
Michael Kubacki
2022-08-03 16:19:02 -04:00
committed by mergify[bot]
parent c7aecf2a4f
commit 6c1a4a376e
3 changed files with 133 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.github/codeql/codeql-config.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
## @file
# CodeQL configuration file for edk2.
#
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
name: "CodeQL config"
# The following line disables the default queries. This is used because we want to enable on query at a time by
# explicitly specifying each query in a "queries" array as they are enabled.
#
# See the following for more information about adding custom queries:
# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
#disable-default-queries: true
queries:
- name: EDK2 CodeQL Query List
uses: ./.github/codeql/edk2.qls
# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
# to find the level of problems desired from the query.
query-filters:
- exclude:
problem.severity:
- error
- warning
- recommendation