kevinjqliu opened a new pull request, #15348: URL: https://github.com/apache/iceberg/pull/15348
### Add CodeQL workflow for security scanning

This adds a CodeQL analysis workflow that runs on pushes and PRs to `main`, plus a weekly scheduled scan. This is based on the [Apache Infra recommendation](https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+Security):

> IMPORTANT! You should enable CodeQL "actions" scanning in your repositories as described in https://github.blog/security/application-security/how-to-secure-your-github-actions-workflows-with-codeql/ - this will scan and flag those issues described below and many more automatically for you

The file was autogenerated by following the steps at https://github.com/apache/iceberg/security/code-scanning. I modified it to scan only for Java.

**Languages analyzed:**

- `java-kotlin` — covers the core Java codebase (source-level analysis, no build required)
- `actions` — scans GitHub Actions workflow files for misconfigurations

**Notes:**

- `javascript-typescript` and `python` were excluded as the repo only has a few static JS assets and a single Python file
- Java analysis uses `build-mode: none` for faster CI; this can be upgraded to `autobuild` for deeper dataflow analysis if desired
- Scala files (Spark modules) are not covered as CodeQL does not support Scala

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
