Skip to content

Created access-keys folder #1125

Created access-keys folder

Created access-keys folder #1125

name: "CodeQL"
on:
push:
branches: [master,development]
pull_request:
branches: [master]
schedule:
- cron: '0 0 * * 4'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ['java', 'javascript']
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Maven
uses: stCarolas/[email protected]
with:
maven-version: 3.8.7
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Autobuild
if: matrix.language == 'javascript'
uses: github/codeql-action/autobuild@v2
- name: Set up JDK 17
if: matrix.language == 'java'
uses: actions/setup-java@v3
with:
java-version: 17
distribution: "temurin"
- name: Build Java
if: matrix.language == 'java'
run: mvn clean package -Dmaven.test.skip
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
upload: False
output: sarif-results
- name: Filter SARIF results
uses: advanced-security/filter-sarif@v1
if: ${{ matrix.language == 'java' }}
with:
patterns: |
-roda-core/roda-core/src/main/java/org/roda/core/storage/ExternalFileManifestContentPayload.java:java/path-injection
-roda-core/roda-core/src/main/java/org/roda/core/storage/fs/FSUtils.java:java/path-injection
input: sarif-results/java.sarif
output: sarif-results/java.sarif
- name: Upload SARIF results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-results/${{ matrix.language }}.sarif