Merge branch 'main' into adding-mobsf-to-codescanning
This commit is contained in:
@@ -34,8 +34,7 @@ jobs:
|
||||
matrix:
|
||||
language: [ $detected-codeql-languages ]
|
||||
# CodeQL supports [ $supported-codeql-languages ]
|
||||
# Learn more:
|
||||
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
|
||||
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Find more information at:
|
||||
# https://github.com/microsoft/msvc-code-analysis-action
|
||||
|
||||
name: Microsoft C++ Code Analysis
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
env:
|
||||
# Path to the CMake build directory.
|
||||
build: '${{ github.workspace }}/build'
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Configure CMake
|
||||
run: cmake -B ${{ env.build }}
|
||||
|
||||
# Build is not required unless generated source files are used
|
||||
# - name: Build CMake
|
||||
# run: cmake --build ${{ env.build }}
|
||||
|
||||
- name: Initialize MSVC Code Analysis
|
||||
uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
|
||||
# Provide a unique ID to access the sarif output path
|
||||
id: run-analysis
|
||||
with:
|
||||
cmakeBuildDirectory: ${{ env.build }}
|
||||
# Ruleset file that will determine what checks will be run
|
||||
ruleset: NativeRecommendedRules.ruleset
|
||||
|
||||
# Upload SARIF file to GitHub Code Scanning Alerts
|
||||
- name: Upload SARIF to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
|
||||
|
||||
# Upload SARIF file as an Artifact to download and view
|
||||
# - name: Upload SARIF as an Artifact
|
||||
# uses: actions/upload-artifact@v2
|
||||
# with:
|
||||
# name: sarif-file
|
||||
# path: ${{ steps.run-analysis.outputs.sarif }}
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "CodeQL Analysis",
|
||||
"creator": "GitHub",
|
||||
"description": "Security analysis from GitHub for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
|
||||
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python"]
|
||||
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Microsoft C++ Code Analysis",
|
||||
"creator": "Microsoft",
|
||||
"description": "Code Analysis with the Microsoft C & C++ Compiler for CMake based projects.",
|
||||
"iconName": "microsoft",
|
||||
"categories": ["Code Scanning", "C", "C++"]
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
<svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" version="1.1" id="svg79" xml:space="preserve" width="533.33331" height="533.33331" viewBox="0 0 533.33331 533.33331" style="color: #23292e;"><title>microsoft</title>
|
||||
<metadata id="metadata85">
|
||||
<rdf:rdf>
|
||||
<cc:work rdf:about="">
|
||||
<dc:format>
|
||||
image/svg+xml
|
||||
</dc:format>
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"></dc:type>
|
||||
<dc:title></dc:title>
|
||||
</cc:work>
|
||||
</rdf:rdf>
|
||||
</metadata>
|
||||
<defs id="defs83">
|
||||
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath105">
|
||||
<path d="M 0,400 H 400 V 0 H 0 Z" id="path103"></path>
|
||||
</clipPath>
|
||||
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath119">
|
||||
<path d="M 80.797,80.296 H 319.705 V 319.204 H 80.797 Z" id="path117"></path>
|
||||
</clipPath>
|
||||
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath253">
|
||||
<path d="M 0,400 H 400 V 0 H 0 Z" id="path251"></path>
|
||||
</clipPath>
|
||||
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath403">
|
||||
<path d="M 0,400 H 400 V 0 H 0 Z" id="path401"></path>
|
||||
</clipPath>
|
||||
</defs>
|
||||
<g id="g87" transform="matrix(1.3333333,0,0,-1.3333333,0,533.33333)">
|
||||
<path d="M 0,0 H 400 V 400 H 0 Z" style="fill-opacity: 1; fill-rule: nonzero; stroke: none;" id="path89" fill="#FFFFFF"></path>
|
||||
<path d="M 194.342,205.658 H 80.796 v 113.546 h 113.546 z" style="fill-opacity: 1; fill-rule: nonzero; stroke: none;" id="path91" fill="#F25022"></path>
|
||||
<path d="M 319.704,205.658 H 206.158 v 113.546 h 113.546 z" style="fill-opacity: 1; fill-rule: nonzero; stroke: none;" id="path93" fill="#7FBA00"></path>
|
||||
<path d="M 194.342,80.296 H 80.796 v 113.546 h 113.546 z" style="fill-opacity: 1; fill-rule: nonzero; stroke: none;" id="path95" fill="#00A4EF"></path>
|
||||
<path d="M 319.704,80.296 H 206.158 v 113.546 h 113.546 z" style="fill-opacity: 1; fill-rule: nonzero; stroke: none;" id="path97" fill="#FFB900"></path>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 2.1 KiB |
Reference in New Issue
Block a user