Conversation
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation.
Codecov Report: ✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know!
Pull request overview
Adds GitHub CodeQL code scanning to the repository and exposes its status in the README, improving automated security analysis coverage for the TypeScript/JavaScript codebase.
Changes:
- Add a dedicated CodeQL workflow running on push/PR to `main` plus a weekly cron schedule.
- Add a CodeQL Actions badge to README.md.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| README.md | Adds a CodeQL workflow status badge alongside existing CI/Coverage badges. |
| .github/workflows/codeql.yml | Introduces a CodeQL analysis workflow for JavaScript/TypeScript. |
| analyze: | ||
| name: Analyze | ||
| runs-on: ubuntu-latest | ||
| permissions: |
permissions is set at the job level but only grants security-events: write. When a job defines permissions, all unspecified scopes default to none, so actions/checkout will not be able to read repository contents and the workflow will fail. Add at least contents: read (and typically also actions: read) alongside security-events: write.
| permissions: | |
| permissions: | |
| contents: read | |
| actions: read |
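Review bot: the suggestion as rendered shows the `permissions:` key twice; once applied, the job must end up with a single `permissions:` mapping that lists `contents: read`, `actions: read` and the existing `security-events: write` together, because a job-level `permissions` block replaces the default token scopes rather than extending them, and two `permissions:` keys at the same indentation would be invalid YAML.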
Add explicit CodeQL analysis workflow running on push to main, PRs, and weekly schedule. Add CodeQL badge to README.
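The permissions point raised in the review above, shown as a complete job. This is an added example, not the PR's own `.github/workflows/codeql.yml`; the action versions, the exact trigger list and the cron time are assumptions (the PR only states push/PR to `main` plus a weekly schedule).

```yaml
# Added example (not the PR's own codeql.yml): a minimal CodeQL workflow for a
# JavaScript/TypeScript repository that shows the job-level permissions block
# the review asks for. Action versions, trigger list and cron slot are assumed.
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"   # assumed weekly slot (Mondays 06:00 UTC)

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Weak setting as reviewed (do NOT use): a job-level block that only grants
    #   permissions:
    #     security-events: write
    # A job-level `permissions` block replaces the defaults instead of adding to
    # them, so every scope not listed (including `contents`) becomes `none` and
    # actions/checkout fails to clone the repository.
    permissions:
      contents: read          # lets actions/checkout read the repository
      actions: read           # lets codeql-action read workflow run data (needed on private repos)
      security-events: write  # lets codeql-action upload SARIF results to code scanning
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/analyze@v3
```

A quick check after applying the suggestion is to confirm the job has exactly one `permissions:` key and that the checkout step succeeds on a pull request from a fork, where the token is read-only anyway and any missing `contents: read` shows up immediately as a clone failure.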