This repository uses CodeQL for automated security vulnerability scanning.
The CodeQL workflow (`.github/workflows/codeql.yml`) is configured to:
- Scan Java/Kotlin code (the primary language used in this Kotlin Multiplatform project)
- Run on pushes to the `main` branch
- Run on pull requests to the `main` branch
- Run weekly on Sundays (scheduled scan)
Previously, the GitHub default setup was attempting to scan for "GitHub Actions" code, which resulted in failures because:
- This repository is primarily a Kotlin Multiplatform project
- There is no JavaScript/TypeScript Actions code to scan
- The CodeQL scanner couldn't find any relevant code
By creating this custom workflow, we explicitly configure CodeQL to scan the correct language (Java/Kotlin) for security vulnerabilities.
If you need to modify the CodeQL configuration:
- Edit `.github/workflows/codeql.yml`
- Change the `language` matrix if you add new languages to the project
- Adjust the schedule if you want different scan frequencies
- Add custom queries if needed for specific security checks
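For reference, here is an added example of a workflow that implements the configuration described above (scan Java/Kotlin, run on pushes and pull requests to `main`, run weekly on Sundays) and shows where the `language` matrix, schedule and custom queries from the modification steps live. It is an illustration written for this page, not the repository's own `codeql.yml`; the action versions, the cron hour and the commented-out query pack are assumptions.

```yaml
# Added example of a CodeQL workflow matching the configuration described above.
# It is not the repository's own .github/workflows/codeql.yml; action versions,
# the cron hour and the query pack are assumptions.
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    # Every Sunday at 06:00 UTC (the day comes from the description; the hour is assumed)
    - cron: "0 6 * * 0"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the checkout and upload SARIF results.
    permissions:
      security-events: write
      contents: read
      actions: read
    strategy:
      fail-fast: false
      matrix:
        # Add an entry here when a new language is introduced; "java-kotlin" covers
        # both Java and Kotlin sources in a Kotlin Multiplatform project.
        language: [ "java-kotlin" ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Add custom or extended query packs here if specific checks are needed.
          # queries: security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Scoping `permissions` to the job and pinning the `branches` filters keeps the workflow from scanning or uploading results on branches it was not intended for.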