Skip to content
CodeQL monorepo - scheduled

CodeQL monorepo - scheduled #27

Sign in to view logs

CodeQL monorepo - scheduled

CodeQL monorepo - scheduled #27

Workflow file for this run

.github/workflows/codeql-monorepo-full.yml at c9a6d19
# This workflow scans all sub projects of a monorepo.
#
# It uses Actions from `advanced-security/monorepo-code-scanning-action`
#
# The specific language and paths covered by each project are passed to the CodeQL analysis, along with a custom analysis workflow if one is provided.
#
# For TypeScript/JavaScript, Python, and Ruby, and when using 'build-mode: none' for Java and C#, you can let the CodeQL Action handle the "build" step,
# and only target the project that is being changed by the PR.
#
# For Kotlin, Swift and C/C++, or when not using 'build-mode: none' for Java and C#, you will need to manually build the project,
# in a way that you can define in the optional custom analysis workflow.
#
# If you want to specifiy custom queries, you can do so in the custom analysis workflow.
#
# You can find an example of what that looks like in this repository at .github/workflows/custom-codeql-analysis.yml
name: "CodeQL monorepo - scheduled"
on:
workflow_dispatch:
schedule:
# every day at midnight, please edit as appropriate
- cron: "0 0 * * *"
jobs:
whole-repo:
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
projects: ${{ steps.whole-repo.outputs.projects }}
steps:
- name: Scan whole repo, split up by project
id: whole-repo
uses: advanced-security/monorepo-code-scanning-action/whole-repo@main
with:
projects-json: monorepo-projects.json
queries: security-extended
scan:
runs-on: ubuntu-latest
permissions:
contents: read
actions: read
security-events: write
needs: whole-repo
strategy:
matrix:
project: ${{ fromJson(needs.whole-repo.outputs.projects).projects }}
steps:
- name: Analyze code
uses: advanced-security/monorepo-code-scanning-action/scan@main