Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CodeQL variant analysis scanning #244

Closed
wants to merge 1 commit into from
Closed

Add CodeQL variant analysis scanning #244

wants to merge 1 commit into from

Conversation

dfarrell07
Copy link
Member

This is a different type of static analysis than others we run.

It identified new issues (already fixed) that our other tools missed.

The company that built it was bought by GitHub and the tool is being
integrated into GitHub's security workflow.

Add one unprivileged version of the job to gate PRs and one privileged
version on-merge to report results.

Relates-to: submariner-io/submariner#1970
Signed-off-by: Daniel Farrell [email protected]

@dfarrell07 dfarrell07 self-assigned this Aug 30, 2022
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr244/dfarrell07/codeql
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@dfarrell07 dfarrell07 mentioned this pull request Aug 30, 2022
Closed
@dfarrell07 dfarrell07 marked this pull request as draft August 30, 2022 23:48
@stale
Copy link

stale bot commented Sep 20, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Sep 20, 2022
@dfarrell07
Add CodeQL variant analysis scanning
d90e99d 
This is a different type of static analysis than others we run.

> Variant analysis is the process of using a known security
vulnerability as a seed to find similar problems in your code.

https://codeql.github.com/docs/codeql-overview/about-codeql/

CodeQL doesn't only do variant analysis for security issues, it also has semantic queries/rules for other types of issues.

https://github.com/github/codeql/tree/main/go/ql/src

It identified new issues (already fixed) that our other tools missed.

The company that built it was bought by GitHub and the tool is being integrated into GitHub's security workflow.

Add one unprivileged version of the job to gate PRs and one privileged version on-merge to report results.

Relates-to: #1970
Signed-off-by: Daniel Farrell <[email protected]>
@stale stale bot removed the wontfix This will not be worked on label Sep 29, 2022
@stale
Copy link

stale bot commented Oct 14, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Oct 14, 2022
@dfarrell07 dfarrell07 removed the wontfix This will not be worked on label Oct 18, 2022
@stale
Copy link

stale bot commented Nov 1, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Nov 1, 2022
@dfarrell07
Copy link
Member Author

Let's talk about this on the parallel PR on the main repo.

@dfarrell07 dfarrell07 closed this Nov 8, 2022
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr244/dfarrell07/codeql]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jaanki Jaanki Awaiting requested review from Jaanki Jaanki is a code owner

@mkolesnik mkolesnik Awaiting requested review from mkolesnik mkolesnik is a code owner

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@skitt skitt Awaiting requested review from skitt skitt is a code owner

@sridhargaddam sridhargaddam Awaiting requested review from sridhargaddam sridhargaddam is a code owner

@tpantelis tpantelis Awaiting requested review from tpantelis tpantelis is a code owner

@vthapar vthapar Awaiting requested review from vthapar vthapar will be requested when the pull request is marked ready for review vthapar is a code owner

Assignees

@dfarrell07 dfarrell07

Labels
automation wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dfarrell07 @submariner-bot