Skip to content
CodeQL security analysis for Java

Bump advanced-security/maven-dependency-submission-action from 3.0.3 to 4.0.0 #18

Sign in to view logs

Bump advanced-security/maven-dependency-submission-action from 3.0.3 to 4.0.0

Bump advanced-security/maven-dependency-submission-action from 3.0.3 to 4.0.0 #18

Workflow file for this run

.github/workflows/codeql.yml at edba2df
name: CodeQL security analysis for Java
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '42 1 * * 2'
jobs:
build:
name: compiling and security scanning
runs-on: ubuntu-latest
timeout-minutes: 360
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up with Java 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: Initialize CodeQL for security scanning
uses: github/codeql-action/init@v3
with:
languages: 'java-kotlin'
- name: Compile Java source code with Maven
run: mvn -B compile --file pom.xml
# unit tests are not run since they are not required for the CodeQL security analysis
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:java-kotlin"