
Conversation

@duranserkan

Description

This introduces CodeQL, a SAST (Static Application Security Testing) tool. Unlike standard linters, it performs taint analysis over the AST (Abstract Syntax Tree) to detect security vulnerabilities with a much higher degree of confidence.

I have confirmed that this action runs correctly on my fork, so it should be safe to merge.

Running SAST scans on commits and PRs is a security best practice, so I strongly recommend integrating this and fixing the findings. I consider this change a security-related bug fix for your CI workflow.

I use this exact workflow in another repository of mine. You can safely check the run logs here to verify that the configuration is valid and effective:

https://github.com/duranserkan/DRN-Project/actions/runs/20662690492/workflow
https://github.com/duranserkan/DRN-Project/actions/runs/20662690492/job/59328518670

Corresponding issue: #3620 Enable CodeQL SAST Workflow

Testing

The workflow has been verified and functions correctly. You can check the implementation branch and the successful run logs here:

Checklist

  • I have read the contribution guidelines
  • I have targeted this PR against the correct branch (master for website changes, dev for source changes)
  • This is either a bugfix, a documentation update, or a new feature that has been explicitly approved via an issue
  • I ran the test suite locally (npm run test) and verified that it succeeded
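
The workflow file itself is not reproduced on this page (only the run logs on the author's fork are linked), so the following is an added, illustrative CodeQL workflow written for this note, not the PR's own file or anything from the project. It assumes a JavaScript/TypeScript codebase (inferred from the `npm run test` item in the checklist) and the `master`/`dev` branch names mentioned above; the schedule, query suite and permission block are choices made here, not facts about the PR.

```yaml
# Added example: a least-privilege CodeQL workflow for a JavaScript/TypeScript
# repository. This is NOT the file submitted in the PR; branch names and the
# language are assumptions taken from the checklist on this page.
name: CodeQL

on:
  push:
    branches: [ master, dev ]
  pull_request:
    branches: [ master, dev ]
  schedule:
    - cron: '30 3 * * 1'   # weekly run also picks up newly published queries

# Deny-by-default at the workflow level; each job grants only what it needs.
permissions: {}

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      contents: read           # check out the source
      security-events: write   # upload SARIF results to code scanning
      actions: read            # only required for private repositories
    strategy:
      fail-fast: false
      matrix:
        language: [ javascript-typescript ]   # assumed; add others as needed
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Builds the CodeQL database. JavaScript/TypeScript is extracted directly
      # from source, so no build or autobuild step is required for this language.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended   # broader security suite than the default

      # Runs the taint-tracking and data-flow queries over the database and
      # uploads findings to the Security tab, so they surface as PR annotations.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Two things a reviewer would check before merging a workflow like this: that the job grants nothing beyond `contents: read` and `security-events: write` (plus `actions: read` for private repositories), and that third-party actions are pinned to a specific major version or, for stricter supply-chain control, to a full commit SHA rather than a floating tag. Neither point can be confirmed from the text on this page; it only links to run logs on the author's fork.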

@duranserkan
Author

I followed the checklist and targeted dev, but because I branched from master, it looks like many unrelated commits were included. Would you prefer I rebase this onto dev, or will you squash merge it?
