chore: 🔧 Type: Chore | Scope: .github/codeql-config.yml | Title: Simp…

…lify CodeQL configuration (#70) Description: - This commit simplifies the CodeQL configuration in the .github/codeql-config.yml file. - The previous configuration details for the Node.js Security Scan and database connection have been removed. - This change streamlines the configuration, making it easier to maintain and understand. Details: - The previous configuration was more complex and included unnecessary details for a hosted database connection and a specific Node.js Security Scan. - The new configuration is simpler and more generic, which makes it easier to maintain and understand. Changeset: - .github/codeql-config.yml: Removed specific Node.js Security Scan configuration and database connection details. This commit simplifies the CodeQL configuration in the .github/codeql-config.yml file. The previous configuration details for the Node.js Security Scan and database connection have been removed. This change streamlines the configuration, making it easier to maintain and understand. Footer: Co-authored-by: Ricardo Esteves [email protected] Related to: #60
RicardoGEsteves · Jan 23, 2024 · 5d05b19 · 5d05b19
1 parent 2f5af0b
commit 5d05b19
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 60 deletions.
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
@@ -1,58 +1,45 @@
-name: Node.js Security Scan Configuration
-description: Scans Node.js projects for potential security issues using CodeQL
-language: typescript
-version: 1.0.2
-
-connection:
-  database:
-    type: hosted
-    # url: https://codeql.codecov.io/
-    # token: <your_codecov_token>
-
-queries:
-  - name: Unused Variables
-    query: |
-      from sources
-      where sources.code.contains("unused")
-      select sources.code.location, sources.code, "Unused variable detected"
-
-  - name: Insecure Dependency Usage
-    query: |
-      from dependencies
-      where dependencies.version < "16.13.1"
-      and dependencies.product = "npm:react-dom"
-      select dependencies.name, dependencies.version, "Insecure react-dom version used"
-
-  - name: NoESLint
-    query: |
-      from sources
-      where not sources.code.contains("eslint")
-      select sources.code.location, sources.code, "Missing ESLint"
-
-  - name: XSS Vulnerabilities
-    query: |
-      from sources
-      where sources.code.matches("(dangerousXSSMethod|unsafePattern)")
-      select sources.code.location, sources.code, "Potential XSS vulnerability"
-
-  - name: Injection Vulnerabilities
-    query: |
-      from sources
-      where sources.code.matches("(dangerousSQLQuery|unvalidatedInput)")
-      select sources.code.location, sources.code, "Possible injection vulnerability"
-
-  - name: Improper Error Handling
-    query: |
-      from controlflow
-      where controlflow.reachesExit() and not controlflow.traversesCatch()
-      select controlflow, "Improper error handling"
-
-languages:
-  - javascript
-  - typescript
-
-environments:
-  - name: Node.js
-    variables:
-      - name: NODE_PATH
-        value: "./node_modules"
+name: "Advanced CodeQL Analysis"
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+  schedule:
+    - cron: "0 1 * * 0"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        node: ["20", "21", "lts/*"]
+        language: ["javascript"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+          cache: "npm"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/[email protected]
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/codeql-config.yml
+
+      - name: Autobuild
+        uses: github/codeql-action/[email protected]
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/[email protected]
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,8 +5,6 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 30
-    ignore:
-      - dependency-name: "pnpm"
 
   - package-ecosystem: "github-actions"
     directory: "/"