From 57867bff29ab702c7b81cd298bb4838596996de1 Mon Sep 17 00:00:00 2001
From: jandroav
Date: Tue, 16 Jan 2024 08:02:45 +0100
Subject: [PATCH] feat(codeql.yml): add CodeQL workflow for continuous code analysis using CodeQL refactor(snyk): remove .snyk policy file as it is no longer needed for vulnerability management
---
.github/workflows/codeql.yml | 18 ++++++++++++++++++
.snyk | 9 ---------
2 files changed, 18 insertions(+), 9 deletions(-)
create mode 100644 .github/workflows/codeql.yml
delete mode 100644 .snyk
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..280df471
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,18 @@
+name: CodeQL
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '16 14 * * 4'
+
+jobs:
+ codeql:
+ uses: liquibase/build-logic/.github/workflows/codeql.yml@v0.6.1
+ secrets: inherit
+ with:
+ languages: '["java"]'
diff --git a/.snyk b/.snyk
deleted file mode 100644
index 2f01e789..00000000
--- a/.snyk
+++ /dev/null
@@ -1,9 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.22.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
- SNYK-JAVA-ORGLIQUIBASE-2419059:
- - '*':
- reason: ignore liquibase version
- created: 2022-03-07T15:57:03.089Z
-patch: {}
\ No newline at end of file
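Review bot: `secrets: inherit` in the `codeql` job hands every secret this repository can see to a reusable workflow that is referenced by the movable tag `v0.6.1`, so whatever that tag points to at run time executes with those secrets. The called workflow is not visible in this patch; if it declares no secrets the line can simply go, otherwise pass only the named ones, and pin `uses:` to the full commit SHA with the tag kept as a trailing comment. The job also sets no `permissions:`, so the token falls back to the repository or organisation default. The block below shows the usual CodeQL set and should be checked against what the called workflow actually requests, since a caller cannot grant less than the callee requires without the run failing.

```yaml
jobs:
  codeql:
    # Least privilege for the GITHUB_TOKEN handed to the called workflow.
    permissions:
      actions: read
      contents: read
      security-events: write
    # Placeholder: replace with the commit SHA that v0.6.1 currently resolves to.
    uses: liquibase/build-logic/.github/workflows/codeql.yml@<FULL_COMMIT_SHA_OF_v0.6.1> # v0.6.1
    # secrets: list only the named secrets the called workflow declares, if any
    # … unchanged: with / languages …
```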