Skip to content

Implement CodeQL Workflow for Enhanced Security Scanning Across Multiple .NET Versions #456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Implement CodeQL Workflow for Enhanced Security Scanning Across Multiple .NET Versions #456

Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
267020e
Add CodeQL
DJStompZone Feb 24, 2024
1c72812
Update codeql.yml
DJStompZone Feb 24, 2024
442056a
Update codeql.yml
DJStompZone Feb 24, 2024
8fe558f
Update codeql.yml
DJStompZone Feb 24, 2024
c4ccda3
Update codeql.yml
DJStompZone Feb 24, 2024
19c33a7
Update codeql.yml
DJStompZone Feb 24, 2024
d30581f
Update codeql.yml
DJStompZone Feb 24, 2024
3f06aeb
Update codeql.yml
DJStompZone Feb 24, 2024
7405cee
Update codeql.yml
DJStompZone Feb 24, 2024
f15a81c
Update codeql.yml
DJStompZone Feb 24, 2024
d931c11
Update codeql.yml
DJStompZone Feb 24, 2024
6fb0e5f
Update codeql.yml
DJStompZone Feb 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 73 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
name: "CodeQL"

on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
inputs:
dotnetVersion:
description: 'Override .NET Version (Default: 6.0.x, 7.0.x, 8.0.x)'
required: false
default: ''
latestOnly:
description: 'Scan with only the latest Windows runner (true/false)'
required: false
default: 'false'

jobs:
setup_matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.result }}
steps:
- uses: actions/github-script@v7
id: set-matrix
with:
result-encoding: string
script: |
const latestOnly = "${{ github.event.inputs.latestOnly }}" == 'true';
const dotnetVersions = ["6.0.x", "7.0.x", "8.0.x"];
const osVersions = latestOnly ? ['windows-latest'] : ['windows-2019', 'windows-latest'];
const matrix = { include: [] };
for (const osVersion of osVersions) {
for (const dotnetVersion of dotnetVersions) {
matrix.include.push({ os: osVersion, 'dotnet-version': dotnetVersion });
}
}
return JSON.stringify(matrix);




analyze:
needs: setup_matrix
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: 'true'

- name: Fetch Submodules Recursively
run: git submodule update --init --recursive

- name: .NET Setup
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ matrix.dotnet-version }}

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: 'csharp'

- name: Autobuild
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3