Merge pull request #2725 from github/aeisenberg/enable-actions-analysis

Add actions analysis to code scanning
2025-01-29 14:16:07 -08:00 · 2025-01-29 14:16:07 -08:00 · e9987ad0c1
commit e9987ad0c1
parent cf6550fa50 50954e7f00
2 changed files with 30 additions and 2 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -70,7 +70,7 @@ jobs:
        echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
        echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT

-  build:
+  analyze-javascript:
    needs: [check-codeql-versions]
    strategy:
      fail-fast: false
@ -81,7 +81,7 @@ jobs:

    permissions:
      contents: read
-      security-events: write # needed to upload results
+      security-events: write

    steps:
    - name: Checkout
@ -100,3 +100,27 @@ jobs:
      uses: ./analyze
      with:
        category: "/language:javascript"
+
+
+  analyze-actions:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        languages: actions
+        config-file: ./.github/codeql/codeql-actions-config.yml
+    - name: Perform CodeQL Analysis
+      uses: ./analyze
+      with:
+        category: "/language:actions"