ExternalVendorCode/openmct
1
0
Fork 0
mirror of https://github.com/nasa/openmct.git synced 2025-06-22 17:08:57 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

4417 fix codeql issues (#5793)

Browse Source 
* Add release to codeql and queries to match lgtm

* Add lgtm config file

* Custom codeQL config to ignore app.js

* Custom config for lgtm

* Remove query filter for lgtm

* Updated the security test docs

* Remove lgtm.yml and delete app.js references

* Update codeql-config.yml

Co-authored-by: Alize Nguyen <alizenguyen@gmail.com>
Co-authored-by: Andrew Henry <akhenry@gmail.com>
This commit is contained in:
Michael Rogers
2022-10-07 11:30:09 -05:00
committed by GitHub
parent 866859a937
commit 026eb86f5f
3 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/codeql/codeql-config.yml vendored Normal file
View File

@ -0,0 +1 @@
name: 'Custom CodeQL config'

9
.github/workflows/codeql-analysis.yml vendored
View File

@ -1,11 +1,10 @@
name: 'CodeQL'
name: "CodeQL"
on: on:
push: push:
branches: [ master ] branches: [master, 'release/*']
pull_request: pull_request:
branches: [ master ] branches: [master, 'release/*']
paths-ignore: paths-ignore:
- '**/*Spec.js' - '**/*Spec.js'
- '**/*.md' - '**/*.md'
@ -34,7 +33,9 @@ jobs:
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v2 uses: github/codeql-action/init@v2
with: with:
config-file: ./.github/codeql/codeql-config.yml
languages: javascript languages: javascript
queries: security-and-quality
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v2 uses: github/codeql-action/autobuild@v2

2
README.md
View File

@ -100,7 +100,7 @@ To run the performance tests:
The test suite is configured to all tests localed in `e2e/tests/` ending in `*.e2e.spec.js`. For more about the e2e test suite, please see the [README](./e2e/README.md) The test suite is configured to all tests localed in `e2e/tests/` ending in `*.e2e.spec.js`. For more about the e2e test suite, please see the [README](./e2e/README.md)
### Security Tests ### Security Tests
Each commit is analyzed for known security vulnerabilities using [CodeQL](https://codeql.github.com/docs/codeql-language-guides/codeql-library-for-javascript/) and our overall security report is available on [LGTM](https://lgtm.com/projects/g/nasa/openmct/) Each commit is analyzed for known security vulnerabilities using [CodeQL](https://codeql.github.com/docs/codeql-language-guides/codeql-library-for-javascript/) and our overall security report is available on [LGTM](https://lgtm.com/projects/g/nasa/openmct/). The list of CWE coverage items is avaiable in the [CodeQL docs](https://codeql.github.com/codeql-query-help/javascript-cwe/). The CodeQL workflow is specified in the [CodeQL analysis file](./.github/workflows/codeql-analysis.yml) and the custom [CodeQL config](./.github/codeql/codeql-config.yml).
### Test Reporting and Code Coverage ### Test Reporting and Code Coverage