Skip to content

Add CodeQL security analysis workflow#162

Closed
vharseko wants to merge 6 commits into
OpenIdentityPlatform:masterfrom
vharseko:vharseko-patch-1
Closed

Add CodeQL security analysis workflow#162
vharseko wants to merge 6 commits into
OpenIdentityPlatform:masterfrom
vharseko:vharseko-patch-1

Conversation

@vharseko

@vharseko vharseko commented Jul 9, 2026

Copy link
Copy Markdown
Member

Summary

Adds a CodeQL code-scanning workflow (.github/workflows/codeql.yml), adapted from the OpenAM CodeQL setup and tailored to OpenIG's layout.

  • Analyzes java-kotlin, javascript-typescript (openig-ui / openig-doc), and actions.
  • Uses build-mode: none for all languages — CodeQL extracts straight from source, avoiding the expensive multi-module Maven autobuild. A commented-out manual Maven build is included for higher-precision dataflow if ever needed.
  • Runs on push/PR to master, a weekly schedule (Mon 03:27 UTC), and manual dispatch.
  • security-and-quality query suite; paths-ignore excludes tests, node_modules, generated target//bin/ output, and *.min.js.
  • Least-privilege permissions + concurrency cancellation of superseded runs.
  • Dropped OpenAM's csharp language (OpenIG has no C# source).

Note

This branch also carries earlier commits already present on it: three test fixes (MdcScheduledExecutorServiceDelegateTest, ClientRegistrationFilterTest, PolicyEnforcementFilterTest) and an OpenAM dependency version bump.

@vharseko
vharseko requested a review from maximthomas July 9, 2026 11:37
@vharseko vharseko added enhancement dependencies Pull requests that update a dependency file java Pull requests that update Java code security Security fixes and CVE / vulnerability updates ci Build, CI/CD, and GitHub Actions changes labels Jul 9, 2026
@vharseko

vharseko commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

Closing in favour of #163, which is branched cleanly off master and contains only the CodeQL workflow. This PR was mistakenly opened from a stale branch (vharseko-patch-1) that carried unrelated commits.

@vharseko vharseko closed this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci Build, CI/CD, and GitHub Actions changes dependencies Pull requests that update a dependency file enhancement java Pull requests that update Java code security Security fixes and CVE / vulnerability updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant