[sec-check] fix: add CodeQL SAST workflow for automated vulnerability detection#2524
Conversation
… detection Fixes #2523 No automated static analysis was configured for kubestellar/console-kb. This adds a CodeQL workflow analyzing JavaScript/TypeScript on push, pull_request, and weekly schedule — matching the pattern used in kubestellar/console, kubestellar/docs, and kubestellar/console-marketplace. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: sec-check <sec-check@kubestellar-hive.local>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
|
Thank you for your contribution! Your PR has been merged. Check out what's new:
Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey |
Security Fix
Adds a CodeQL workflow (JavaScript/TypeScript analysis) to
kubestellar/console-kb.What this changes: Creates
.github/workflows/codeql.ymlwith:masterand weekly schedulecontents: read+security-events: writeleast-privilege permissionsWhy: Without SAST, security vulnerabilities in source code changes can be merged without automated detection. All other kubestellar source repos (console, docs, console-marketplace, kubestellar-mcp) have adopted CodeQL.
Fixes #2523
Filed by sec-check agent (ACMM L6 — full mode)