diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml
new file mode 100644
index 0000000..0c65813
--- /dev/null
+++ b/code-scanning/detekt.yml
@@ -0,0 +1,118 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow performs a static analysis of your Kotlin source code using
+# Detekt.
+#
+# Scans are triggered:
+# 1. On every push to default and protected branches
+# 2. On every Pull Request targeting the default branch
+# 3. On a weekly schedule
+# 4. Manually, on demand, via the "workflow_dispatch" event
+#
+# The workflow should work with no modifications, but you might like to use a
+# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
+# environment variable.
+name: Scan with Detekt
+
+on:
+ # Triggers the workflow on push or pull request events but only for default and protected branches
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+env:
+ # Release tag associated with version of Detekt to be installed
+ # SARIF support (required for this workflow) was introduced in Detekt v1.15.0
+ DETEKT_RELEASE_TAG: v1.15.0
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "scan"
+ scan:
+ name: Scan
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+ # Gets the download URL associated with the $DETEKT_RELEASE_TAG
+ - name: Get Detekt download URL
+ id: detekt_info
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
+ query getReleaseAssetDownloadUrl($tagName: String!) {
+ repository(name: "detekt", owner: "detekt") {
+ release(tagName: $tagName) {
+ releaseAssets(name: "detekt", first: 1) {
+ nodes {
+ downloadUrl
+ }
+ }
+ tagCommit {
+ oid
+ }
+ }
+ }
+ }
+ ' 1> gh_response.json
+
+ DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
+ if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
+ echo "Release tag doesn't match expected commit SHA"
+ exit 1
+ fi
+
+ DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
+ echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
+
+ # Sets up the detekt cli
+ - name: Setup Detekt
+ run: |
+ dest=$( mktemp -d )
+ curl --request GET \
+ --url ${{ steps.detekt_info.outputs.download_url }} \
+ --silent \
+ --location \
+ --output $dest/detekt
+ chmod a+x $dest/detekt
+ echo $dest >> $GITHUB_PATH
+
+ # Performs static analysis using Detekt
+ - name: Run Detekt
+ continue-on-error: true
+ run: |
+ detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
+
+ # Modifies the SARIF output produced by Detekt so that absolute URIs are relative
+ # This is so we can easily map results onto their source files
+ # This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
+ - name: Make artifact location URIs relative
+ continue-on-error: true
+ run: |
+ echo "$(
+ jq \
+ --arg github_workspace ${{ github.workspace }} \
+ '. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
+ ${{ github.workspace }}/detekt.sarif.json
+ )" > ${{ github.workspace }}/detekt.sarif.json
+
+ # Uploads results to GitHub repository using the upload-sarif action
+ - uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: ${{ github.workspace }}/detekt.sarif.json
+ checkout_path: ${{ github.workspace }}
diff --git a/code-scanning/eslint.yml b/code-scanning/eslint.yml
new file mode 100644
index 0000000..54b01c8
--- /dev/null
+++ b/code-scanning/eslint.yml
@@ -0,0 +1,50 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# ESLint is a tool for identifying and reporting on patterns
+# found in ECMAScript/JavaScript code.
+# More details at https://github.com/eslint/eslint
+# and https://eslint.org
+
+name: ESLint
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ eslint:
+ name: Run eslint scanning
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Install ESLint
+ run: |
+ npm install eslint@8.10.0
+ npm install @microsoft/eslint-formatter-sarif@2.1.7
+
+ - name: Run ESLint
+ run: npx eslint .
+ --config .eslintrc.js
+ --ext .js,.jsx,.ts,.tsx
+ --format @microsoft/eslint-formatter-sarif
+ --output-file eslint-results.sarif
+ continue-on-error: true
+
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: eslint-results.sarif
+ wait-for-processing: true
\ No newline at end of file
diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json
index ddb4627..8ee80b4 100644
--- a/code-scanning/properties/codeql.properties.json
+++ b/code-scanning/properties/codeql.properties.json
@@ -1,6 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
+ "enterprise": true,
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
diff --git a/code-scanning/properties/detekt.properties.json b/code-scanning/properties/detekt.properties.json
new file mode 100644
index 0000000..c133cc1
--- /dev/null
+++ b/code-scanning/properties/detekt.properties.json
@@ -0,0 +1,8 @@
+{
+ "name": "Detekt",
+ "creator": "Detekt",
+ "description": "Static code analysis for Kotlin",
+ "iconName": "detekt",
+ "categories": ["Code Scanning", "Kotlin"],
+ "enterprise": false
+}
diff --git a/code-scanning/properties/eslint.properties.json b/code-scanning/properties/eslint.properties.json
new file mode 100644
index 0000000..2a1271f
--- /dev/null
+++ b/code-scanning/properties/eslint.properties.json
@@ -0,0 +1,12 @@
+{
+ "name": "ESLint",
+ "description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
+ "iconName": "eslint",
+ "enterprise": false,
+ "categories": [
+ "Code Scanning",
+ "JavaScript",
+ "EcmaScript",
+ "TypeScript"
+ ]
+}
diff --git a/icons/detekt.svg b/icons/detekt.svg
new file mode 100644
index 0000000..1526170
--- /dev/null
+++ b/icons/detekt.svg
@@ -0,0 +1,32 @@
+
diff --git a/icons/eslint.svg b/icons/eslint.svg
new file mode 100644
index 0000000..23964aa
--- /dev/null
+++ b/icons/eslint.svg
@@ -0,0 +1 @@
+
\ No newline at end of file