mirrors/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-25 16:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f06ba05405d9dea1954e8bf60855353abe5f29a9
keycloak/.github/workflows/codeql-analysis.yml
Bruno Oliveira da Silva f06ba05405 The CodeQL analysis is broken due to the large content of the SARIF file (#10606) 
The issue was originally caused by high number of flows paths per alert
generated by the LDAP federation module. That was identified taking the
SARIF file generated and running:

```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows |
length})' java.sarif

```

Together we reduced the number of flows paths, adding optimizations to
skip some paths and avoid false alerts.

Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #10203

Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
2022-03-11 13:55:17 +01:00

73 lines
2.4 KiB
YAML
Raw Blame History

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"
on:
# Disable for push and pull_request until https://github.com/keycloak/keycloak/issues/10203 is resolved
push:
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
schedule:
- cron: '0 9 * * 2'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions:
security-events: write
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['java', 'javascript']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install CodeQL
run: ${GITHUB_WORKSPACE}/.github/scripts/codeql/codeql-install.sh
- uses: actions/setup-java@v2
if: ${{ matrix.language == 'java' }}
with:
distribution: 'temurin'
java-version: '11'
- name: Update maven settings
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
# Create the codeql database for Java
- name: Create CodeQL Java database
if: ${{ matrix.language == 'java' }}
run: ${GITHUB_WORKSPACE}/.github/scripts/codeql/codeql-database-create.sh java
# Run the analysis for Java
- name: Run CodeQL analysis for Java
if: ${{ matrix.language == 'java' }}
run: ${GITHUB_WORKSPACE}/.github/scripts/codeql/codeql-analyze.sh java
# Create the codeql database for JavaScript
- name: Create CodeQL JavaScript database
if: ${{ matrix.language == 'javascript' }}
run: ${GITHUB_WORKSPACE}/.github/scripts/codeql/codeql-database-create.sh javascript
# Run the analysis for JavaScript
- name: Run CodeQL analysis for JavaScript
if: ${{ matrix.language == 'javascript' }}
run: ${GITHUB_WORKSPACE}/.github/scripts/codeql/codeql-analyze.sh javascript
Reference in New Issue View Git Blame Copy Permalink