Actions must be enabled
For running OWASP ZAP locally
Add CodeQL to your repository. It will automatically scan on every push and PR, reporting findings in the GitHub Security tab.
1 name: CodeQL SAST 2 3 on: 4 push: 5 branches: [main] 6 pull_request: 7 schedule: 8 - cron: '0 5 * * 1' # Weekly Monday 5am 9 10 jobs: 11 analyze: 12 name: Analyze 13 runs-on: ubuntu-latest 14 permissions: 15 security-events: write 16 contents: read 17 steps: 18 - uses: actions/checkout@v4 19 20 - name: Initialize CodeQL 21 uses: github/codeql-action/init@v3 22 with: 23 languages: typescript 24 queries: security-extended 25 26 - name: Build 27 run: npm ci 28 29 - name: Perform CodeQL Analysis 30 uses: github/codeql-action/analyze@v3 31 with: 32 upload: true 33
Code scanning workflow runs; results visible in GitHub Security tab
Sign in to share your feedback and join the discussion.