You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@avro.apache.org by Michael Smith <mi...@smith-li.com> on 2021/05/14 18:51:33 UTC

GitHub Security Code QL

We recently started using GitHub CodeQL (formerly Semmle) at work, and as a
multilanguage code and security scanning tool I have found it quite useful
and informative. IIUC, it's free for open source projects and easy to turn
on using actions.

https://securitylab.github.com/tools/codeql/

Would this be something we could/would want to enable for the avro repo?

If anyone wants to take a look at the output, I have it running (with extra
checks) on my fork: https://github.com/kojiromike/avro/pull/8

Re: GitHub Security Code QL

Posted by Ismaël Mejía <ie...@gmail.com>.

+1 Sounds really nice to have.

On Fri, May 14, 2021 at 8:51 PM Michael Smith <mi...@smith-li.com> wrote:

> We recently started using GitHub CodeQL (formerly Semmle) at work, and as a
> multilanguage code and security scanning tool I have found it quite useful
> and informative. IIUC, it's free for open source projects and easy to turn
> on using actions.
>
> https://securitylab.github.com/tools/codeql/
>
> Would this be something we could/would want to enable for the avro repo?
>
> If anyone wants to take a look at the output, I have it running (with extra
> checks) on my fork: https://github.com/kojiromike/avro/pull/8
>