-
Notifications
You must be signed in to change notification settings - Fork 508
48 lines (38 loc) · 1.16 KB
/
scan_codeql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Scan the C/C++ and Python code for vulnerabilities using CodeQL.
name: CodeQL
on:
workflow_call:
permissions:
actions: read
contents: read
security-events: write
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-latest
steps:
- name: Clone the git repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install pmem/valgrind (including dependencies)
run: |
export VALGRIND_DEPS="autoconf \
automake"
export BASE_DEPS="build-essential \
git \
libdaxctl-dev \
libndctl-dev \
pandoc \
pkg-config"
sudo apt-get update \
&& sudo apt-get install -y --no-install-recommends \
${VALGRIND_DEPS} \
${BASE_DEPS} \
&& sudo ./utils/docker/images/install-valgrind.sh
- name: Initialize CodeQL
uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
with:
languages: cpp, python
- name: Build PMDK
run: make test -j$(nproc)
- name: CodeQL scan
uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6