Enabling CodeQL scanning in repo #9302
tylerbutler started this conversation in Contributors
-
@evaliyev @karlbom @nedalhy @ruiterr FYI some of the issues revealed in my initial run are in PropertyDDS.
-
This was merged, and the code scanning alerts can be found at https://github.com/microsoft/FluidFramework/security/code-scanning. I think all contributors should have access to view them, but there may be differences between admins and non-admins. If you're an expert in the area that one of the alerts regards, please feel free to dismiss them if appropriate (see screenshot), or file issues if the severity is low. #9317 is an example.
-
See update below.
Later today I'll merge in #9277, which will enable the GitHub CodeQL code scanner tool to run on PRs and periodically on the main branch.
It's likely that we will get a bunch of alerts when this starts running. For a preview, see the errors in my PR run here: https://github.com/microsoft/FluidFramework/pull/9277/checks?check_run_id=5368993125
These shouldn't block PR merges unless your PR introduces a new warning (docs here), but if you get blocked please ping me or @microsoft/fluid-cr-infra for help.