Skip to content

Commit 748fc02

Browse files
derek73claude
andcommitted
Add CodeQL scanning workflow for Python
Uses the default query suite (not security-extended) and excludes tests/docs/dist from analysis to keep initial findings low-noise. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
1 parent a104373 commit 748fc02

2 files changed

Lines changed: 39 additions & 0 deletions

File tree

.github/codeql/codeql-config.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
name: "CodeQL config"
2+
3+
paths-ignore:
4+
- tests
5+
- docs
6+
- dist

.github/workflows/codeql.yml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
name: CodeQL
2+
3+
on:
4+
push:
5+
branches: [ master ]
6+
pull_request:
7+
branches: [ master ]
8+
schedule:
9+
- cron: '30 4 * * 1'
10+
11+
permissions:
12+
contents: read
13+
14+
jobs:
15+
analyze:
16+
name: Analyze (python)
17+
runs-on: ubuntu-latest
18+
permissions:
19+
security-events: write
20+
21+
steps:
22+
- uses: actions/checkout@v7
23+
24+
- name: Initialize CodeQL
25+
uses: github/codeql-action/init@v3
26+
with:
27+
languages: python
28+
config-file: ./.github/codeql/codeql-config.yml
29+
30+
- name: Perform CodeQL Analysis
31+
uses: github/codeql-action/analyze@v3
32+
with:
33+
category: "/language:python"

0 commit comments

Comments
 (0)