@zerosnacks zerosnacks commented Sep 10, 2025

Motivation

This PR introduces CodeQL code scanning, initially just focused on GitHub Actions, as it is fast to run.

https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql

Results are reported privately in the security tab.

Solution

This workflow was derived from the default workflow example GitHub provides, enhanced with concurrency cancel-in-progress, an updated cron to run daily, and workflow dispatch. It triggers on cron, pull requests and pushes to master.

This can later be expanded to cover Rust (currently in preview mode & will require custom build / caches to run efficiently).

PR Checklist

  • Added Tests
  • Added Documentation
  • Breaking changes
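
A workflow of the shape described above (Actions-only CodeQL scan triggered on pushes to master, pull requests, a daily cron and manual dispatch, with cancel-in-progress concurrency), as an added example and not the file merged in this PR. The cron time, the concurrency group expression, the action version tags and the permission scoping are assumptions.

```yaml
# Added example; not the repository's actual workflow file.
name: codeql

on:
  push:
    branches: [master]
  pull_request:
  schedule:
    - cron: "0 0 * * *" # daily; the exact time is an assumption
  workflow_dispatch:

# Assumed grouping: runs for the same PR branch cancel each other, while
# push, cron and dispatch runs fall back to a unique run id and are kept.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

# Start from no token permissions and grant per job (least privilege).
permissions: {}

jobs:
  analyze:
    name: analyze (actions)
    runs-on: ubuntu-latest
    permissions:
      security-events: write # upload results to the Security tab
      contents: read         # check out the repository
      actions: read          # read workflow run metadata
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false # do not leave the token in .git/config
      - uses: github/codeql-action/init@v3
        with:
          languages: actions # scans workflow files only; no build step
          build-mode: none
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:actions"
```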

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@zerosnacks zerosnacks moved this to Ready For Review in Foundry Sep 10, 2025
@zerosnacks zerosnacks marked this pull request as ready for review September 10, 2025 16:09
@zerosnacks zerosnacks self-assigned this Sep 10, 2025
@zerosnacks zerosnacks added this to the v1.4.0 milestone Sep 10, 2025
@zerosnacks zerosnacks merged commit 81d50d9 into master Sep 10, 2025
25 checks passed
@zerosnacks zerosnacks deleted the zerosnacks/enable-code-ql branch September 10, 2025 16:22
@github-project-automation github-project-automation bot moved this from Ready For Review to Done in Foundry Sep 10, 2025
@grandizzy grandizzy moved this from Done to Completed in Foundry Sep 15, 2025
MerkleBoy pushed a commit to MerkleBoy/foundry that referenced this pull request Sep 17, 2025
* enable CodeQL

* move into workflow

* perform actions scanning first, can add Rust later as it requires more configuration, add daily cron