41 changes: 41 additions & 0 deletions .github/workflows/codeql.yml
@@ -0,0 +1,41 @@
name: "CodeQL Security Scan"

on:
pull_request:
branches: [ main, dev ]
schedule:
# Run every Monday at 00:00 UTC
- cron: '0 0 * * 1'
workflow_dispatch:

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: security-extended

- name: Autobuild
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
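Review bot: the `on:` block lists only `pull_request`, `schedule` and `workflow_dispatch`, so `main` and `dev` themselves are analyzed only by the Monday cron or a manual run, and a merged change can sit unscanned on the branch for up to a week. Consider adding a `push:` trigger with `branches: [ main, dev ]`. Two smaller points: with `language: [ 'javascript' ]` nothing is compiled, so the `Autobuild` step can be dropped, and `actions/checkout@v4` and the `github/codeql-action/*@v3` steps are referenced by mutable tag; pinning each to a full commit SHA keeps a job that holds `security-events: write` from silently picking up a retagged release.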
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -12,7 +12,7 @@ This custom action needs to be added at step level in a job to register security
On GitHub, go in your organization settings or repository settings, click on the _Secrets > Actions_ and create a new secret.

Create secrets called
For token based authentication which is available from v2.0.0, create secrets called
For token based authentication which is available from v3.0.0, create secrets called
- `SN_DEVOPS_INTEGRATION_TOKEN` required for token based authentication
- `SN_INSTANCE_URL` your ServiceNow instance URL, for example **https://test.service-now.com**
- `SN_ORCHESTRATION_TOOL_ID` only the **sys_id** is required for the GitHub tool created in your ServiceNow instance
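Review bot: in the secrets section, "available from v2.0.0" becomes "available from v3.0.0", but "available from" names the release in which token based authentication first shipped, which does not move when a new major version is cut. Please confirm which release introduced it; if the intent is only to point users at the current major version, reword the sentence to say that instead of changing the availability claim. While touching this line, the preceding context line "Create secrets called" now duplicates the end of this sentence and could be removed.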
Expand All @@ -29,7 +29,7 @@ Use needs to configure the identified upstream job. See [test.yml](.github/workf

## Step 4: Configure the GitHub Action if need to adapt for your needs or workflows

# For Token based Authentication which is available from v2.0.0 at ServiceNow instance
# For Token based Authentication which is available from v3.0.0 at ServiceNow instance

### GitHub-Veracode:
```yaml
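Review bot: the Step 4 line "available from v3.0.0 at ServiceNow instance" is ambiguous about what v3.0.0 refers to, since it can be read as a version of this action or as a version requirement on the ServiceNow side. State explicitly which component the version belongs to. The line also starts with a single `#`, which renders as a top-level heading underneath `## Step 4`; a `###` heading or plain text would keep the README outline intact.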
2 changes: 1 addition & 1 deletion action.yml
Expand Up @@ -26,5 +26,5 @@ branding:
icon: 'refresh-ccw'
color: 'green'
runs:
using: 'node16'
using: 'node20'
main: 'dist/index.js'
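Review bot: `using: 'node20'` changes the runtime under `main: 'dist/index.js'`, but the files shown in this diff include no rebuilt `dist/index.js` and no dependency or `package.json` change. Please confirm the bundle was regenerated and exercised on Node 20, and that this ships as a new major tag, since self-hosted runners too old to provide the node20 runtime will fail to start the action rather than fall back to node16.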