diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 0b8b004..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright (C) 2026 Moko Consulting
-#
-# This file is part of a Moko Consulting project.
-#
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# FILE INFORMATION
-# DEFGROUP: GitHub.Workflow
-# INGROUP: Moko-Cassiopeia.Security
-# REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
-# PATH: /.github/workflows/codeql-analysis.yml
-# VERSION: 01.00.00
-# BRIEF: CodeQL security scanning workflow for vulnerability detection
-# NOTE: Runs on push to main and PRs, weekly scheduled scans
-
-name: "CodeQL Security Scanning"
-
-on:
- push:
- branches:
- main
- dev/**
- rc/**
- version/**
- pull_request:
- branches:
- main
- dev/**
- rc/**
- version/**
- schedule:
- # Run at 6:00 AM UTC every Monday
- - cron: '0 6 * * 1'
- workflow_dispatch:
-
-permissions:
- actions: read
- contents: read
- security-events: write
-
-jobs:
- analyze:
- name: CodeQL Analysis
- runs-on: ubuntu-latest
- timeout-minutes: 360
-
- strategy:
- fail-fast: false
- matrix:
- language: [ 'javascript', 'python' ]
- # CodeQL supports: 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby'
- # This repository contains PHP (not directly supported), JavaScript, and Python
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: ${{ matrix.language }}
- #
For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- queries: +security-extended,security-and-quality
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
- # If this step fails, then you should remove it and run the build manually
- - name: Autobuild
- uses: github/codeql-action/autobuild@v3
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:${{matrix.language}}"
- upload: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b18c3a..4c45e72 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,12 +23,14 @@
 ## [03.05.01] 2026-01-09
 ### Added
-- Added `codeql-analysis.yml` workflow for security scanning
 - Added `dependency-review.yml` workflow for dependency vulnerability scanning
 - Added `standards-compliance.yml` workflow for MokoStandards validation
 - Added `.github/dependabot.yml` configuration for automated security updates
 - Added `docs/README.md` as documentation index
+### Changed
+- Removed custom `codeql-analysis.yml` workflow (repository uses GitHub's default CodeQL setup)
+
 ### Changed
 - Enforced repository compliance with MokoStandards requirements
 - Improved security posture with automated scanning and dependency management