.github/workflows codeql.yml sonar-qube.yml sonar-project.properties 38 changes: 38 additions & 0 deletions 38 .github/workflows/codeql.yml @@ -0,0 +1,38 @@ name: "CodeQL Advanced" on: push: pull_request: schedule: - ...
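Review bot: the `push:` trigger in the new codeql.yml has no branch filter and sits next to `pull_request:`, so every push to a branch with an open pull request starts two CodeQL runs over the same commit. Consider limiting `push` to the default branch and letting `pull_request` cover feature branches, unless analysis of every pushed branch is intended.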
LGTM ©️ — Find security vulnerabilities, variants, and critical code quality issues using CodeQL queries over source code. Automatic PR code review; free for open source. Formerly semmle. It supports public Git repositories hosted on Bitbucket Cloud, GitHub.com, GitLab.com. lizard— Lizard...
It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech stacks. Similar to SonarQube, but it is different. Fig. 1 Better...
GitHub - highbyte/SonarqubeMSTeamsBridge: An integration between SonarQube and MS Teams, implemented as an Azure Function.
SonarQube Server — SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment, enabling you to deploy clean code consistently and reliably. SonarQube provides a free and open source Community Build. Sonatype ©️ — Reports...
python docker kubernetes redis helm prometheus snyk kind hadolint melange cert-manager helmfile trivy codeql kyverno cosign apko docker-scout coderabbit Updated Sep 14, 2024 HTML A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries ...
Update codeql-analysis to run on .github by @ConX. Update labeler preflight to Ubuntu Latest by @Panquesito7. [NO SQUASH] Merge a few commits from master by @amacado, @Thomas-Boi. Merge a few commits from master by @amacado, @Thomas-Boi. Update many of the actions to their latest...
GitHub Advanced Security GitHub Open Source or Free SaaS or On-Premises GitHub Advanced Security uses CodeQL for Static Code Analysis, and GitHub Secret Scanning for identifying tokens. GitHub code scanning can import SARIF from any other SAST tool GitLab GitLab Commercial SaaS, Linux, Windows Go...
.github/workflows Create codeql-analysis.yml Nov 26, 2020 assets [ImgBot] Optimize images Jan 25, 2021 tools Bump golang.org/x/net from 0.17.0 to 0.23.0 in /tools Apr 19, 2024 CONTRIBUTING.md Remove i18n Jan 25, 2021 CONTRIBUTORS.svg chore: update contributors [skip ci] Jul 7, 2024...
Bump github/codeql-action from 2.2.5 to 2.2.6 by @dependabot in #778 Bump github/codeql-action from 2.2.6 to 2.2.7 by @dependabot in #784 Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #786 Bump checkstyle from 10.8.1 to 10.9.1 by @dependabot in #787 Bump ...