Dependabot collection 2025wk20 #306

	name: CodeQL

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main

	permissions:
	actions: read
	checks: write
	contents: read
	security-events: write

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest

	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
	with:
	egress-policy: audit

	- name: Checkout
	id: checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Initialize CodeQL
	id: initialize
	uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
	with:
	queries: security-extended
	languages: TypeScript
	source-root: src

	- name: Autobuild
	id: autobuild
	uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17

	- name: Perform CodeQL Analysis
	id: analyze
	uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17

Provide feedback