From 1eebb387663f4850382fc0c6ac2264694b58aa03 Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Tue, 4 Mar 2025 10:00:38 -0600 Subject: [PATCH 1/4] Init commit for CodeQL --- .github/workflows/codeql.yml | 26 +++++++++++++++++++++++++ .github/workflows/dependency-review.yml | 10 ++++++++++ 2 files changed, 36 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..796968d --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,26 @@ +name: CodeQL (Swift) - SAST + +on: + pull_request: + push: + workflow_dispatch: + +jobs: + analyze: + name: Code Scanning - CodeQL + runs-on: ubuntu-latest + timeout-minutes: 25 + permissions: + security-events: write + packages: read + actions: read + contents: read + strategy: + fail-fast: false + steps: + - uses: hyperwallet/public-security-workflows/codeql@main + with: + language: java + build-mode: 'none' + timeout-minutes: 25 + diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..19140c5 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,10 @@ +name: CodeQL Dependency Review - SCA + +on: + pull_request: + push: + workflow_dispatch: + +jobs: + dependency-review: + uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main \ No newline at end of file From d27ad308b6333f26a0c65cd4fc44a8ec676762c7 Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Tue, 4 Mar 2025 10:41:12 -0600 Subject: [PATCH 2/4] Updating language type --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 796968d..64b07c7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: hyperwallet/public-security-workflows/codeql@main with: - language: java - build-mode: 'none' + language: swift + build-mode: 'manual' timeout-minutes: 25 From 55b24cbd16b9844beb88dc88a05e3e56b3616b2f Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Fri, 18 Apr 2025 11:35:20 -0500 Subject: [PATCH 3/4] Testing --- .github/workflows/codeql.yml | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 64b07c7..d7dd1ae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,25 +2,17 @@ name: CodeQL (Swift) - SAST on: pull_request: + branches: + - develop push: + branches: + - develop workflow_dispatch: jobs: - analyze: - name: Code Scanning - CodeQL - runs-on: ubuntu-latest - timeout-minutes: 25 - permissions: - security-events: write - packages: read - actions: read - contents: read - strategy: - fail-fast: false - steps: - - uses: hyperwallet/public-security-workflows/codeql@main - with: - language: swift - build-mode: 'manual' - timeout-minutes: 25 - + code-scanning: + uses: hyperwallet/public-security-workflows/.github/workflows/codeql-swift.yml@feature/ios-update + with: + build-scheme: Insights + # build-workspace: Insights.xcworkspace + \ No newline at end of file From f74524082d3f716abda3c65aa08dc50035520ac1 Mon Sep 17 00:00:00 2001 From: Pablo Alguindigue Date: Fri, 18 Apr 2025 11:36:48 -0500 Subject: [PATCH 4/4] Update codeql.yml --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d7dd1ae..e649169 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,10 +3,10 @@ name: CodeQL (Swift) - SAST on: pull_request: branches: - - develop + - master push: branches: - - develop + - master workflow_dispatch: jobs: