ci: enable security code scanner #8593
Conversation
witmicko
added
DO-NOT-MERGE
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
witmicko
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8593 +/- ##
=======================================
Coverage 41.06% 41.07%
=======================================
Files 1246 1246
Lines 30320 30320
Branches 2962 2962
=======================================
+ Hits 12452 12453 +1
+ Misses 17125 17123 -2
- Partials 743 744 +1 ☔ View full report in Codecov by Sentry. |
|
Heyyy, Awesome work! I see the do not merge library, but the changes seem good to me! It is missing something? |
thank you @tommasini, we put "do not merge" because we want to hold off a little with merging it but would appreciate PR early review and approval so it could be merged quickly when all is ready |
|
metamaskbot
added
the
release-7.18.0
Required Action
Prior to merging this pull request, please ensure the following has been completed:
branchescorrectly specifies this repository's default branch (usuallymain).paths_ignoredconfiguration option (see setup)What is the Security Code Scanner?
This pull request enables the MetaMask Security Code Scanner GitHub Action. This action runs on each pull request, and will flag potential vulnerabilities as a review comment. It will also scan this repository's default branch, and log any findings in this repository's Code Scanning Alerts Tab.
The action itself runs various static analysis engines behind the scenes. Currently, it is only running GitHub's CodeQL engine. For this reason, we recommend disabling any existing CodeQL configuration your repository may have.
How do I interact with the tool?
Every finding raised by the Security Code Scanner will present context behind the potential vulnerability identified, and allow the developer to fix, or dismiss it.
The finding will automatically be dismissed by pushing a commit that fixes the identified issue, or by manually dismissing the alert using the button in GitHub's UI. If dismissing an alert manually, please add any additional context surrounding the reason for dismissal, as this informs our decision to disable, or improve any poor performing rules.
For more configuration options, please review the tool's README.
For any additional questions, please reach out to
@mm-application-securityslack.