.github: scan JavaScript code with codeql #18423
Conversation
jelly
added
the
no-test
jelly
force-pushed
the
gh-code-scanning
branch
from
a982c3d
to
243b3f3
Compare
|
What's your goal here? One approach would be to ignore all current 70 issues to avoid introducing new ones, but if we are honest, we'll just never fix them then. Once we waive them away (which we need to to get green), they will be really hard to find again. So I'd rather do a different approach: Go over them once, fix the trivial stuff, and then change the codeql scan to only look at / fail on the 20 security alerts -- then fix/waive these (I think you said there are a lot of false positives?). Then we can fix the 12 warnings and 38 notes in separate steps. |
Yes, you are probably right here, once we ignore there is no way back.
I think I figured most trivial stuff. I've went through and marked all the test related things as non-applicable. The rest needs more investigation. |
|
This should be re-run as kdump was fixed. |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
jelly
force-pushed
the
gh-code-scanning
branch
2 times, most recently
from
a631aef
to
a5e2763
Compare
jelly
force-pushed
the
gh-code-scanning
branch
from
a5e2763
to
3ec4d37
Compare
jelly
added
the
.github-changes
|
@martinpitt ok, there are now ~ 8 issues left of which I am unsure how to fix. So shall we merge it and then sort those out? |
This still has plenty of issues but I think it's time to start scanning