-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.github: scan JavaScript code with codeql #18423
Conversation
a982c3d
to
243b3f3
Compare
What's your goal here? One approach would be to ignore all current 70 issues to avoid introducing new ones, but if we are honest, we'll just never fix them then. Once we waive them away (which we need to to get green), they will be really hard to find again. So I'd rather do a different approach: Go over them once, fix the trivial stuff, and then change the codeql scan to only look at / fail on the 20 security alerts -- then fix/waive these (I think you said there are a lot of false positives?). Then we can fix the 12 warnings and 38 notes in separate steps. |
Yes, you are probably right here, once we ignore there is no way back.
I think I figured most trivial stuff. I've went through and marked all the test related things as non-applicable. The rest needs more investigation. |
This should be re-run as kdump was fixed. |
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
a631aef
to
a5e2763
Compare
a5e2763
to
3ec4d37
Compare
@martinpitt ok, there are now ~ 8 issues left of which I am unsure how to fix. So shall we merge it and then sort those out? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, sounds good! At least we'll prevent introducing new errors then.
This still has plenty of issues but I think it's time to start scanning