Note: Code Scanning is currently in beta. Join the waitlist using this link.
For demonstration, I will use a repository with known security vulnerabilities and coding errors; the former were also tackled using GitHub's native Dependabot application. To read that blog post, please visit the link below.
Let's take a look at the GitHub Actions job YML script and understand a few important points:
- When will the Action perform the analysis:
  1. Event driven:
     i. Push: a push event on the master branch.
     ii. Pull_request: a pull request on master or any sub-branch.
  2. Time driven: cron schedules can be created. Cron is an open-source package used to schedule tasks and events. To learn more about cron jobs, use this link.
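To make the trigger points above concrete, here is a CodeQL workflow file of the kind the Action uses, written as an added example rather than copied from the demo repository. The `push`, `pull_request` and `schedule` keys map directly to the event-driven and time-driven triggers described above. The cron expression, the `javascript` language choice, and the action version tags (`@v4`, `@v3`) are assumptions for this illustration; the scanned repository's own workflow may differ.

```yaml
# .github/workflows/codeql-analysis.yml (added example, not the original repository's file)
name: "CodeQL"

on:
  # Event driven: analyze on every push to master ...
  push:
    branches: [master]
  # ... and on every pull request targeting master.
  pull_request:
    branches: [master]
  # Time driven: cron schedule, here every Monday at 06:00 UTC (assumed value).
  schedule:
    - cron: '0 6 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege token: the job only needs to upload SARIF results
    # and read the repository contents.
    permissions:
      security-events: write
      actions: read
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # Assumed language for this example; CodeQL supports several.
        language: ['javascript']
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Builds the CodeQL database for the selected language(s).
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Attempts to build compiled languages automatically; a no-op for
      # interpreted languages such as JavaScript.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # Runs the queries and uploads findings to the Security tab.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
```

The `schedule` trigger is what catches issues introduced by newly published CodeQL queries even when no commits land, which is why the default workflow keeps a weekly cron alongside the push and pull_request events.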
It will take a few minutes for the CodeQL engine to analyze your repository the first time. Wait until the Action jobs have finished successfully.
There were no errors or security issues in this repository.
In Part 3, I will create a demo repository, add intentional coding and security errors, and see how the CodeQL engine helps us with them. 😄
The posts are meant to spread awareness about the latest tips and tricks for upcoming and trending technologies in the software world.