name: 'UI: CodeQL' on: push: branches: - 'master' - 'v5.*' paths: - 'ui/**' - '.github/workflows/ui-codeql.yml' - '.github/codeql/ui-codeql-config.yml' - '!ui/CHANGELOG.md' pull_request: branches: - 'master' - 'v5.*' paths: - 'ui/**' - '.github/workflows/ui-codeql.yml' - '.github/codeql/ui-codeql-config.yml' - '!ui/CHANGELOG.md' schedule: - cron: '00 12 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: ui-analyze: if: github.repository == 'prowler-cloud/prowler' name: CodeQL Security Analysis runs-on: ubuntu-latest timeout-minutes: 30 permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: - 'javascript-typescript' steps: - name: Checkout repository uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Initialize CodeQL uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/ui-codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: category: '/language:${{ matrix.language }}'