Add support for CodeQL and Sonarcloud for enhanced repo security #180
Assignees
Labels
dependencies
Pull requests that update a dependency file
documentation
Improvements or additions to documentation
enhancement
New feature or request
help wanted
Extra attention is needed
Comments
stan-dot
added
documentation
|
Before working on a PR to put this into copier, please try it for a reasonable period in other repos, then report back if it gives any useful results. My experience with these tools is that they make more noise than useful alerts, so I'd like to see if they have improved. |
|
that's very reasonable. arguably this should be an existing repo, not a new one. @coretl , @callumforrester do you have a repo candidate? maybe blueapi ? |
|
Be nice to prove we have it configured right on i22-bluesky, since right now the security tab isn't really giving much information. |
|
Yep, happy to see this added to blueapi |
This was referenced Aug 19, 2024
|
will revisit this once those repos are tested for 3 months - setting this for 19.11.2024 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/apps/sonarcloud
https://codeql.github.com/
see the repo for reference
DiamondLightSource/i18-bluesky#20
There is a DLS precedent for the use of codeql in the python-murfey repo
UPDATE: this had also been tested in the
i18-blueskyrepositoryThe text was updated successfully, but these errors were encountered: