Skip to content

feat: Added CodeQL SAST scanning and detect-secrets pre-commit hook#5983

Merged
ntkathole merged 1 commit intofeast-dev:masterfrom
ntkathole:sec_checks
Feb 19, 2026
Merged

feat: Added CodeQL SAST scanning and detect-secrets pre-commit hook#5983
ntkathole merged 1 commit intofeast-dev:masterfrom
ntkathole:sec_checks

Conversation

@ntkathole
Copy link
Member

@ntkathole ntkathole commented Feb 18, 2026
edited by devin-ai-integration bot
Loading

What this PR does / why we need it:

This PR adds CodeQL SAST scanning and detect-secrets hook that runs on every commit to catch accidentally committed secrets.

CodeQL SAST scanning that runs on:

  • PRs targeting master
  • Pushes to master
  • Weekly schedule (Mondays 6am UTC)
  • Scoped to python and javascript-typescript

.pre-commit-config.yaml (modified) - added detect-secrets hook that runs on every commit to catch accidentally committed secrets. Excludes lock files, requirements, SVGs, and HTML to avoid false positives.

Open with Devin

@ntkathole ntkathole self-assigned this Feb 18, 2026
@github-advanced-security
Copy link

github-advanced-security bot commented Feb 18, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

devin-ai-integration[bot]
devin-ai-integration bot reviewed Feb 18, 2026
View reviewed changes
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@ntkathole ntkathole force-pushed the sec_checks branch 2 times, most recently from 4c863b9 to 14295e2 Compare February 19, 2026 04:24
@ntkathole
feat: Added CodeQL SAST scanning and detect-secrets pre-commit hook
225d150 
Signed-off-by: ntkathole <nikhilkathole2683@gmail.com>
@ntkathole ntkathole merged commit 547b516 into feast-dev:master Feb 19, 2026
17 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@franciscojavierarceo franciscojavierarceo franciscojavierarceo approved these changes

Assignees

@ntkathole ntkathole

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ntkathole @franciscojavierarceo

Comments