diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml
index b32675e..57b4b69 100644
--- a/code-scanning/codeql.yml
+++ b/code-scanning/codeql.yml
@@ -34,8 +34,7 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
- # Learn more:
- # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
diff --git a/code-scanning/mobsf.yml b/code-scanning/mobsf.yml
new file mode 100644
index 0000000..689a1a0
--- /dev/null
+++ b/code-scanning/mobsf.yml
@@ -0,0 +1,36 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: MobSF
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ mobile-security:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Setup python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+
+ - name: Run mobsfscan
+ uses: MobSF/mobsfscan@a60d10a83af68e23e0b30611c6515da604f06f65
+ with:
+ args: . --sarif --output results.sarif || true
+
+ - name: Upload mobsfscan report
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml
new file mode 100644
index 0000000..1503319
--- /dev/null
+++ b/code-scanning/msvc.yml
@@ -0,0 +1,59 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Find more information at:
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Configure CMake
+ run: cmake -B ${{ env.build }}
+
+ # Build is not required unless generated source files are used
+ # - name: Build CMake
+ # run: cmake --build ${{ env.build }}
+
+ - name: Initialize MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendedRules.ruleset
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ - name: Upload SARIF to GitHub
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # Upload SARIF file as an Artifact to download and view
+ # - name: Upload SARIF as an Artifact
+ # uses: actions/upload-artifact@v2
+ # with:
+ # name: sarif-file
+ # path: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json
index cb9305a..ddb4627 100644
--- a/code-scanning/properties/codeql.properties.json
+++ b/code-scanning/properties/codeql.properties.json
@@ -1,7 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
- "description": "Security analysis from GitHub for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
+ "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
- "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python"]
+ "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
}
diff --git a/code-scanning/properties/mobsf.properties.json b/code-scanning/properties/mobsf.properties.json
new file mode 100644
index 0000000..a6afbfa
--- /dev/null
+++ b/code-scanning/properties/mobsf.properties.json
@@ -0,0 +1,13 @@
+{
+ "name": "mobsf",
+ "creator": "mobsf",
+ "description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.",
+ "iconName": "mobsf",
+ "categories": [
+ "Code Scanning",
+ "Java",
+ "Swift",
+ "Objective-C",
+ "Kotlin"
+ ]
+}
\ No newline at end of file
diff --git a/code-scanning/properties/msvc.properties.json b/code-scanning/properties/msvc.properties.json
new file mode 100644
index 0000000..641d5e6
--- /dev/null
+++ b/code-scanning/properties/msvc.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Microsoft C++ Code Analysis",
+ "creator": "Microsoft",
+ "description": "Code Analysis with the Microsoft C & C++ Compiler for CMake based projects.",
+ "iconName": "microsoft",
+ "categories": ["Code Scanning", "C", "C++"]
+}
diff --git a/icons/microsoft.svg b/icons/microsoft.svg
new file mode 100644
index 0000000..990fa84
--- /dev/null
+++ b/icons/microsoft.svg
@@ -0,0 +1,34 @@
+
\ No newline at end of file
diff --git a/icons/mobsf.svg b/icons/mobsf.svg
new file mode 100644
index 0000000..46dd154
--- /dev/null
+++ b/icons/mobsf.svg
@@ -0,0 +1,114 @@
+
+
+