Skip to content

Fix #175, CodeQL Action Workflow#165

Merged
astrogeco merged 1 commit intonasa:integration-candidatefrom
ArielSAdamsNASA:CodeQL
Jan 27, 2021
Merged

Fix #175, CodeQL Action Workflow#165
astrogeco merged 1 commit intonasa:integration-candidatefrom
ArielSAdamsNASA:CodeQL

Conversation

@ArielSAdamsNASA
Copy link
Contributor

@ArielSAdamsNASA ArielSAdamsNASA commented Dec 21, 2020
edited
Loading

Describe the contribution
Fix #175
Implemented CodeQL Action as a workflow to automatically detect common vulnerabilities and coding errors.

Expected behavior changes
Results should be displayed in the Security tab under Code Scanning Alerts. The workflow is triggered when code is pushed to any branch in a repository and during pull request events.
image

Additional context
For more information visit: https://github.com/github/codeql-action

Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal

@astrogeco
Copy link
Contributor

astrogeco commented Jan 4, 2021
edited
Loading

Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL?

@ArielSAdamsNASA
Copy link
Contributor Author

ArielSAdamsNASA commented Jan 4, 2021
edited
Loading

Do you have a sample of what our report looks like? I can't find it on your fork. Is there a configuration file for CodeQL?

@astrogeco CodeQL results will be found in the code scanning alerts section of the security tab. The configuration file for CodeQL is the codeql-build-cfs.yml file.

@astrogeco
Copy link
Contributor

astrogeco commented Jan 4, 2021

Cool!

I couldn't access your link but I was able to see the list at
https://github.com/nasa/cFS/security/code-scanning?query=ref%3Arefs%2Fpull%2F165%2Fmerge

@astrogeco
Copy link
Contributor

astrogeco commented Jan 4, 2021

For the configuration file, I meant something like this: https://github.com/github/codeql-action#configuration-file so we can specify which vulnerabilities to look for.

@ArielSAdamsNASA ArielSAdamsNASA added the CCB:Ignore Pull Request is NOT ready for discussion. Has open actions. Will be re-examined at by next CCB. label Jan 5, 2021
astrogeco
astrogeco reviewed Jan 8, 2021
View reviewed changes
@astrogeco astrogeco added CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) and removed CCB:Ignore Pull Request is NOT ready for discussion. Has open actions. Will be re-examined at by next CCB. labels Jan 14, 2021
astrogeco
astrogeco reviewed Jan 14, 2021
View reviewed changes
@astrogeco
Copy link
Contributor

astrogeco commented Jan 14, 2021

Opened #175. Please Update commit format and PR title to reflect that this PR closes that issue.

@ArielSAdamsNASA ArielSAdamsNASA changed the title CodeQL Action Workflow Fix #175 CodeQL Action Workflow Jan 14, 2021
@ArielSAdamsNASA
Copy link
Contributor Author

ArielSAdamsNASA commented Jan 14, 2021

Opened #175. Please Update commit format and PR title to reflect that this PR closes that issue.

@astrogeco Completed.

skliper
skliper approved these changes Jan 14, 2021
View reviewed changes
Copy link
Contributor

@skliper skliper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me, but I haven't used CodeQL.

@astrogeco
Copy link
Contributor

astrogeco commented Jan 14, 2021

Looks fine to me, but I haven't used CodeQL.

CodeQL is the engine behind LGTM so we're technically using it.

@astrogeco astrogeco changed the title Fix #175 CodeQL Action Workflow Fix #175, CodeQL Action Workflow Jan 14, 2021
@astrogeco
Copy link
Contributor

astrogeco commented Jan 21, 2021

@ArielSAdamsNASA can you add a screenshot of what the code report looks like. It might be useful for the CCB

@astrogeco
Copy link
Contributor

astrogeco commented Jan 25, 2021

CCB:2021-01-21 APPROVED

@astrogeco astrogeco added IC:2021-01-19 and removed CCB:Ready Pull request is ready for discussion at the Configuration Control Board (CCB) CCB:2021-01-21 labels Jan 25, 2021
@astrogeco astrogeco changed the base branch from main to integration-candidate January 27, 2021 04:39
@astrogeco astrogeco merged commit 2dfbdd1 into nasa:integration-candidate Jan 27, 2021
@astrogeco astrogeco mentioned this pull request Jan 27, 2021
Closed
chillfig pushed a commit to chillfig/cFS that referenced this pull request Mar 17, 2022
@astrogeco
Merge pull request nasa#165 from jphickey/fix-60-cycletx-loop
d3ae3f9 
Fix nasa#60, rework loop in CF_CFDP_CycleTx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@skliper skliper skliper approved these changes

@astrogeco astrogeco astrogeco left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add GitHub Actions CodeQL Workflow

4 participants

@ArielSAdamsNASA @astrogeco @skliper @arielswalker