Posted to dev@avro.apache.org by Michael Smith <mi...@smith-li.com> on 2021/05/14 18:51:33 UTC
GitHub Security Code QL
We recently started using GitHub CodeQL (formerly Semmle) at work, and as a
multilanguage code and security scanning tool I have found it quite useful
and informative. IIUC, it's free for open source projects and easy to turn
on using actions.
https://securitylab.github.com/tools/codeql/
Would this be something we could/would want to enable for the avro repo?
If anyone wants to take a look at the output, I have it running (with extra
checks) on my fork: https://github.com/kojiromike/avro/pull/8
Re: GitHub Security Code QL
Posted by Ismaël Mejía <ie...@gmail.com>.
+1 Sounds really nice to have.
On Fri, May 14, 2021 at 8:51 PM Michael Smith <mi...@smith-li.com> wrote:
> We recently started using GitHub CodeQL (formerly Semmle) at work, and as a
> multilanguage code and security scanning tool I have found it quite useful
> and informative. IIUC, it's free for open source projects and easy to turn
> on using actions.
>
> https://securitylab.github.com/tools/codeql/
>
> Would this be something we could/would want to enable for the avro repo?
>
> If anyone wants to take a look at the output, I have it running (with extra
> checks) on my fork: https://github.com/kojiromike/avro/pull/8
>