CodeQL #422

Workflow file for this run

	name: CodeQL

	on:
	workflow_dispatch:
	schedule:
	# At 05:30 on every day-of-week from Monday through Friday.
	- cron: "30 5 * * 1-5"

	jobs:
	analyze-java:
	name: Analyze Java (Kotlin)
	runs-on:
	labels: ubuntu-latest-8-cores
	timeout-minutes: 360
	permissions:
	actions: read
	contents: read
	security-events: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: java-kotlin
	queries: security-and-quality

	- name: Setup backend
	uses: ./.github/actions/setup-backend

	- name: Assemble
	run: ./gradlew assemble --no-build-cache --no-configuration-cache

	# Analyser med CodeQL
	# Siden CodeQL plukker opp filer generert av gradle så kjører vi også egne
	# actions for å filtrere vekk falske positiver via `filter-sarif`-steget
	# https://github.com/advanced-security/filter-sarif
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:java"
	output: sarif-results
	upload: failure-only

	- name: Filter out false positivies
	uses: advanced-security/filter-sarif@v1
	with:
	patterns: \|
	-.gradle/**
	input: sarif-results/java.sarif
	output: sarif-results/java.sarif

	- name: Upload SARIF
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: sarif-results/java.sarif

	- name: Upload results
	uses: actions/upload-artifact@v4
	with:
	name: sarif-results
	path: sarif-results
	retention-days: 1

	analyze-javascript:
	name: Analyze Javascript (Typescript)
	runs-on:
	labels: ubuntu-latest-8-cores
	timeout-minutes: 360
	permissions:
	actions: read
	contents: read
	security-events: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: javascript-typescript
	queries: security-and-quality

	- name: Setup frontend
	uses: ./.github/actions/setup-frontend # For å trigge post-install script for @mr/api-client
	env:
	NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:javascript"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CodeQL #422

Workflow file

CodeQL #422

Jobs

Run details

Workflow file for this run