|
55 | 55 | permissions: |
56 | 56 | actions: read # for github/codeql-action/init to get workflow details |
57 | 57 | contents: read # for actions/checkout to fetch code |
| 58 | + packages: read |
58 | 59 | security-events: write # for github/codeql-action/autobuild to send a status report |
59 | 60 | name: Analyze |
60 | | - runs-on: ubuntu-24.04 |
61 | | - |
62 | | - strategy: |
63 | | - fail-fast: false |
64 | | - matrix: |
65 | | - language: ["go"] |
66 | | - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] |
67 | | - # Use only 'java' to analyze code written in Java, Kotlin or both |
68 | | - # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both |
69 | | - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support |
70 | | - |
71 | | - steps: |
72 | | - - name: Checkout repository |
73 | | - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 |
74 | | - |
75 | | - # Initializes the CodeQL tools for scanning. |
76 | | - - name: Initialize CodeQL |
77 | | - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 |
78 | | - with: |
79 | | - languages: ${{ matrix.language }} |
80 | | - # If you wish to specify custom queries, you can do so here or in a config file. |
81 | | - # By default, queries listed here will override any specified in a config file. |
82 | | - # Prefix the list here with "+" to use these queries and those in the config file. |
83 | | - |
84 | | - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs |
85 | | - # queries: security-extended,security-and-quality |
86 | | - |
87 | | - - name: Setup Golang Environment |
88 | | - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 |
89 | | - with: |
90 | | - go-version-file: go.mod |
91 | | - if: matrix.language == 'go' |
92 | | - |
93 | | - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). |
94 | | - # If this step fails, then you should remove it and run the build manually (see below) |
95 | | - - name: Autobuild |
96 | | - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 |
97 | | - |
98 | | - # ℹ️ Command-line programs to run using the OS shell. |
99 | | - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun |
100 | | - |
101 | | - # If the Autobuild fails above, remove it and uncomment the following three lines. |
102 | | - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. |
103 | | - |
104 | | - # - run: | |
105 | | - # echo "Run, Build Application using script" |
106 | | - # ./location_of_script_within_repo/buildscript.sh |
107 | | - |
108 | | - - name: Perform CodeQL Analysis |
109 | | - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 |
110 | | - with: |
111 | | - category: "/language:${{matrix.language}}" |
| 61 | + uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@c903bfe6c668eaba362cde6a7882278bc1564401 # v0.1 |
| 62 | + with: |
| 63 | + requested_languages: go |
0 commit comments