Skip to content
CodeQL Security Analysis

feat: add sandboxed Docker verification environment for data masking validation #54

Sign in to view logs

feat: add sandboxed Docker verification environment for data masking validation

feat: add sandboxed Docker verification environment for data masking validation #54

Workflow file for this run

.github/workflows/codeql.yml at 3df83e4
name: CodeQL Security Analysis
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 9 * * 1' # Every Monday at 9am UTC
jobs:
analyze-java:
name: Analyze Java/Kotlin
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: gradle
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java-kotlin
queries: security-extended
- name: Grant execute permission for gradlew
run: chmod +x backend/gradlew
- name: Build for CodeQL
run: cd backend && ./gradlew classes --no-daemon
env:
JWT_SECRET: codeql-placeholder-not-real
ENCRYPTION_KEY: codeql-placeholder-not-real
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:java-kotlin'
analyze-js:
name: Analyze JavaScript/TypeScript
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: javascript-typescript
queries: security-extended
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:javascript-typescript'
analyze-go:
name: Analyze Go
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: cli/go.mod
cache-dependency-path: cli/go.sum
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: go
queries: security-extended
- name: Build for CodeQL
run: cd cli && go build ./...
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:go'