diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..2c49d9d --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,27 @@ +name: CodeQL + +on: + push: + branches: [main] + pull_request: + branches: [main] + schedule: + - cron: '27 4 * * 3' + +permissions: + contents: read + +jobs: + analyze: + # Centralized in cuioss-organization, matching every other security/CI workflow in this repo. + # The reusable workflow fixes the query suite to +security-and-quality org-wide; + # build-mode: none analyses the sources directly (no Maven build needed for this + # zero-dependency library). + uses: cuioss/cuioss-organization/.github/workflows/reusable-codeql.yml@181cc6a24d4c2b6fe7378b9ac94ac3df4665de7b # v0.7.0 + permissions: + security-events: write + contents: read + actions: read + with: + languages: '["java"]' + build-mode: none diff --git a/README.adoc b/README.adoc index 325392b..9f27f6a 100644 --- a/README.adoc +++ b/README.adoc @@ -3,6 +3,7 @@ == Status image:https://github.com/cuioss/cui-java-tools/actions/workflows/maven.yml/badge.svg[Java CI with Maven,link=https://github.com/cuioss/cui-java-tools/actions/workflows/maven.yml] +image:https://github.com/cuioss/cui-java-tools/actions/workflows/codeql.yml/badge.svg[CodeQL,link=https://github.com/cuioss/cui-java-tools/actions/workflows/codeql.yml] image:http://img.shields.io/:license-apache-blue.svg[License,link=http://www.apache.org/licenses/LICENSE-2.0.html] image:https://img.shields.io/maven-central/v/de.cuioss/cui-java-tools.svg?label=Maven%20Central["Maven Central", link="https://central.sonatype.com/artifact/de.cuioss/cui-java-tools"]