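---
# CodeQL configuration for Webchat source-only scanning.
# Used by the codeql:scan:src script. The compiled output in dist/ is
# excluded so that source findings are not duplicated by bundled or
# transformed copies of the same code.
#
# Usage example:
#   codeql database create codeql-db \
#     --language=javascript \
#     --source-root=. \
#     --codescanning-config=codeql-config.yml
#   codeql database analyze codeql-db codeql/javascript-queries \
#     --format=sarifv2.1.0 --output=codeql-results-src.sarif
#
# NOTE: `paths` is an allow-list. A new source directory created outside
# the entries below is silently left unscanned until it is listed here.
name: "Webchat source scan (exclude dist)"

# Directories and files to include (authored source only).
paths:
  - "src"
  - "update-license.js"
  - "webpack.dev.js"
  - "webpack.es.js"
  - "webpack.production.js"

# Exclude build artifacts, dependencies, and generated or test-only code.
# All globs are quoted: a pattern starting with `*` would otherwise be
# parsed as a YAML alias rather than a string.
paths-ignore:
  - "dist/**"
  - "node_modules/**"  # dependency code; not part of a source-only scan
  - "coverage/**"
  - ".cache/**"
  - "**/*.d.ts"  # declaration files carry no executable code
  - "cypress/**"  # test runner code
  - "**/__tests__/**"
  - "**/test/**"  # matches any directory named `test`, not only test suites

# Optional: uncomment to focus on a narrower query set.
# For now the default 'codeql/javascript-queries' pack passed to `analyze`
# is used unfiltered. Each filter entry nests its `id` under `include:`.
# query-filters:
#   - include:
#       id: js/incomplete-sanitization
#   - include:
#       id: js/overly-large-range
#   - include:
#       id: js/incomplete-hostname-regexp
#   - include:
#       id: js/html-constructed-from-input

# To add experimental queries, uncomment the block below. Confirm the pack
# name and version spec before enabling: the doubled `@@` in the original
# line looks like a typo for the single `@` of a `name@version` spec.
# packs:
#   - codeql/javascript-experimental@@latest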