chore: codeql analysis action (#548)

* Create codeql-analysis.yml * fix: custom codeql config * fix: ignore codeqldb dir * fix: use config file in codeql workflow Co-authored-by: Johnny Almonte <johnny243@users.noreply.github.com>
2021-04-26 13:59:48 -04:00
parent 70a2f7dab7
commit 7679ba7c61
6 changed files with 90 additions and 0 deletions
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,12 @@
+name: "Custom CodeQL Config"
+
+queries:
+- uses: security-and-quality
+- uses: ./.github/codeql/custom-queries/javascript
+
+paths:
+- app/assets/javascripts
+
+paths-ignore:
+- bin
+- node_modules
--- a/.github/codeql/custom-queries/javascript/qlpack.yml
+++ b/.github/codeql/custom-queries/javascript/qlpack.yml
@@ -0,0 +1,4 @@
+name: custom-javascript-queries
+version: 0.0.0
+libraryPathDependencies:
+- codeql-javascript