From bf29e70275fd161f9fc2b14d58f98bb84063869f Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Tue, 4 Mar 2025 10:01:13 -0600 Subject: [PATCH 1/2] Initial commit for CodeQL --- .github/codeql.yml | 26 ++++++++++++++++++++++++++ .github/dependency-review.yml | 10 ++++++++++ 2 files changed, 36 insertions(+) create mode 100644 .github/codeql.yml create mode 100644 .github/dependency-review.yml diff --git a/.github/codeql.yml b/.github/codeql.yml new file mode 100644 index 0000000..796968d --- /dev/null +++ b/.github/codeql.yml @@ -0,0 +1,26 @@ +name: CodeQL (Swift) - SAST + +on: + pull_request: + push: + workflow_dispatch: + +jobs: + analyze: + name: Code Scanning - CodeQL + runs-on: ubuntu-latest + timeout-minutes: 25 + permissions: + security-events: write + packages: read + actions: read + contents: read + strategy: + fail-fast: false + steps: + - uses: hyperwallet/public-security-workflows/codeql@main + with: + language: java + build-mode: 'none' + timeout-minutes: 25 + diff --git a/.github/dependency-review.yml b/.github/dependency-review.yml new file mode 100644 index 0000000..19140c5 --- /dev/null +++ b/.github/dependency-review.yml @@ -0,0 +1,10 @@ +name: CodeQL Dependency Review - SCA + +on: + pull_request: + push: + workflow_dispatch: + +jobs: + dependency-review: + uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main \ No newline at end of file From ecafacb981bf87645e689da9931fe8ebb01e1331 Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Tue, 4 Mar 2025 10:39:43 -0600 Subject: [PATCH 2/2] Updating language --- .github/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/codeql.yml b/.github/codeql.yml index 796968d..64b07c7 100644 --- a/.github/codeql.yml +++ b/.github/codeql.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: hyperwallet/public-security-workflows/codeql@main with: - language: java - build-mode: 'none' + language: swift + build-mode: 'manual' timeout-minutes: 25