GHA CI: add CodeQL scanning

This enable codebase scanning for C++ and JavaScript languages. https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning
2025-08-14 02:27:09 -07:00 · 2023-03-12 03:11:02 +08:00 · 2023-03-12 03:11:02 +08:00 · 0f32de9d8c
commit 0f32de9d8c
parent f630d84858
4 changed files with 49 additions and 1 deletions
--- a/.github/workflows/helper/codeql/cpp.yaml
+++ b/.github/workflows/helper/codeql/cpp.yaml
@ -0,0 +1,14 @@
+name: "CodeQL config for C++"
+
+queries:
+  - uses: security-and-quality
+
+query-filters:
+  - exclude:
+      id: cpp/commented-out-code
+  - exclude:
+      id: cpp/include-non-header
+  - exclude:
+      id: cpp/loop-variable-changed
+  - exclude:
+      id: cpp/useless-expression
--- a/.github/workflows/helper/codeql/js.yaml
+++ b/.github/workflows/helper/codeql/js.yaml
@ -0,0 +1,11 @@
+name: "CodeQL config for Javascript"
+
+paths-ignore:
+  - "**/lib/*"
+
+queries:
+  - uses: security-and-quality
+
+query-filters:
+  - exclude:
+      id: js/superfluous-trailing-arguments