-
Notifications
You must be signed in to change notification settings - Fork 8
41 lines (34 loc) · 1.19 KB
/
codeql-actions.yml
File metadata and controls
41 lines (34 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
## Copyright (C) 2026 - 2026 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## AI-Assisted
## Consumer wrapper for the 'actions' CodeQL language - workflow
## YAML security analysis (missing-permissions, script-injection,
## unversioned-immutable-actions, etc.). Docs live in the reusable:
## https://github.com/org-ai-assisted/developer-meta-files/blob/master/.github/workflows/reusable-codeql.yml
##
## Cronless on purpose: this file is propagated byte-identically
## across repos by pkg_update_consumer_workflows, and per-repo cron
## slots would force a post-cp rewrite. Push / PR / workflow_dispatch
## triggers cover the scan-on-change cases; rule-refresh re-scans
## can be kicked manually from the Actions tab.
name: CodeQL Actions
on:
push:
branches: [master]
pull_request:
branches: [master]
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
actions:
uses: org-ai-assisted/developer-meta-files/.github/workflows/reusable-codeql.yml@master
with:
language: actions
permissions:
security-events: write
contents: read