chore(tools): add codeql for typescript

nodejs · Aug 3, 2024 · 2d02ff6 · 2d02ff6
1 parent 998e995
commit 2d02ff6
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 19 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -5,9 +5,6 @@ on:
     # Runs at 00:00 UTC everyday
     - cron: '0 0 * * *'
   push:
-    paths:
-      - '**/Cargo.toml'
-      - '**/Cargo.lock'
   pull_request:
 
 jobs:
@@ -17,3 +14,28 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3
+        with:
+          manifest-path: "deps/swc/bindings/Cargo.toml"
+
+  typescript-audit:
+    runs-on: ubuntu-22.04
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+    strategy:
+      matrix:
+        include:
+        - language: javascript-typescript
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        with:
+          languages: ${{ matrix.language }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/deny.toml b/deny.toml
@@ -2,28 +2,24 @@
 targets = []
 
 [advisories]
-vulnerability = "deny"
-unmaintained = "warn"
-yanked = "warn"
-notice = "warn"
 ignore = []
 
 [licenses]
-unlicensed = "deny"
 allow = [
     "Apache-2.0",
     "Apache-2.0 WITH LLVM-exception",
     "MIT",
     "MPL-2.0",
     "BSD-3-Clause",
+    "BSD-2-Clause",
     "ISC",
+    "0BSD",
+    "CC0-1.0",
+    "Unicode-DFS-2016"
 ]
-deny = []
-copyleft = "deny"
 confidence-threshold = 0.8
 exceptions = []
 
-
 [licenses.private]
 ignore = false
 registries = []
@@ -38,12 +34,4 @@ skip = []
 skip-tree = []
 
 [sources]
-unknown-registry = "warn"
-unknown-git = "warn"
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]
-allow-git = []
-
-[sources.allow-org]
-github = []
-gitlab = []
-bitbucket = []