codeql
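--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,22 @@
+name: "CodeQL Config"
+
+# 指定要扫描的路径
+paths:
+- pkg
+- main
+
+# 排除不需要扫描的路径
+paths-ignore:
+- '**/*_test.go'
+- 'html/**'
+- 'objs/**'
+- 'vendor/**'
+
+# 使用的查询套件
+queries:
+- uses: security-extended
+- uses: security-and-quality
+
+# 禁用默认查询(如果只想使用自定义查询)
+# disable-default-queries: true
+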
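Review bot: `queries:` lists both `security-extended` and `security-and-quality`, but the security-and-quality suite already contains every security-extended query, so the first entry adds nothing and the pair can be reduced to `- uses: security-and-quality` (or to security-extended alone if the maintainability findings are unwanted noise in the security tab). The `paths:` allow-list also deserves a second look: `main` only matches a directory or file literally named main, so if the program entry point is a `main.go` at the repository root it is not scanned, and any Go code outside `pkg` is excluded as well; dropping `paths:` and relying on `paths-ignore:` is the safer default unless the narrowed scope is intentional. Indentation is not visible on this rendered page, so the nesting of the list items is inferred. The Chinese comments would help more contributors with an English form alongside, e.g. `# Paths to scan (指定要扫描的路径)`.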
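--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,52 @@
+name: "CodeQL"
+
+on:
+push:
+branches: [ "main" ]
+pull_request:
+branches: [ "main" ]
+schedule:
+# 每周一凌晨2点运行
+- cron: '0 2 * * 1'
+
+jobs:
+analyze:
+name: Analyze Go Code
+runs-on: ubuntu-latest
+permissions:
+actions: read
+contents: read
+security-events: write
+
+strategy:
+fail-fast: false
+matrix:
+language: [ 'go' ]
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: '1.23'
+cache: true
+
+# 初始化 CodeQL
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v3
+with:
+languages: ${{ matrix.language }}
+config-file: ./.github/codeql/codeql-config.yml
+
+# 自动构建
+- name: Autobuild
+uses: github/codeql-action/autobuild@v3
+
+# 执行 CodeQL 分析
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v3
+with:
+category: "/language:${{matrix.language}}"
+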
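Review bot: Every action in the new job is pinned to a moving major tag (`actions/checkout@v4`, `actions/setup-go@v5`, `github/codeql-action/init@v3`, `autobuild@v3`, `analyze@v3`), so a retagged or compromised release would run unreviewed code in a job that holds `security-events: write`; pinning each `uses:` to a full-length commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, is the usual hardening, with Dependabot keeping the pins current. The Go toolchain is also fixed at `go-version: '1.23'`, which will silently drift from the module's `go` directive; `go-version-file: go.mod` keeps the scan building with the same toolchain as the project, assuming a go.mod exists at the repository root. The cron comment says Monday 2 a.m., but GitHub evaluates schedules in UTC, so `# 每周一 02:00 UTC 运行` (Runs Mondays at 02:00 UTC) avoids confusion. Indentation is not visible on this rendered page, so the nesting under `on:` and `steps:` is inferred.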
@ -1,6 +1,7 @@
|
||||
# SRS-SIP
|
||||
|
||||
[](https://github.com/ossrs/srs-sip/actions/workflows/ci.yml)
|
||||
[](https://github.com/ossrs/srs-sip/actions/workflows/codeql.yml)
|
||||
[](https://codecov.io/gh/ossrs/srs-sip)
|
||||
[](https://goreportcard.com/report/github.com/ossrs/srs-sip)
|
||||
[](https://github.com/ossrs/srs-sip/blob/main/LICENSE)
|
||||
@ -46,6 +47,10 @@ go tool cover -func=coverage.out
|
||||
|
||||
For more details, see [Testing Guide](docs/TESTING.md).
|
||||
|
||||
## Security
|
||||
|
||||
This project uses CodeQL for automated security scanning. For more information about security practices and how to report vulnerabilities, see [Security Guide](docs/SECURITY.md).
|
||||
|
||||
## Docker
|
||||
|
||||
Use docker
|
||||
|
||||