[codex] Add security automation baseline#4
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 38c277c3ef
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: php |
There was a problem hiding this comment.
Use a supported scanner instead of CodeQL PHP
For this PHP-only app, this workflow will fail at initialization rather than producing a required security signal: GitHub's CodeQL supported-language docs explicitly say unsupported languages include PHP, and github/codeql-action/init@v3 only accepts supported CodeQL language identifiers. If this check is made required on main as described by the commit message, every push/PR will be blocked until the workflow is removed or replaced with a PHP-capable scanner.
Useful? React with 👍 / 👎.
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Summary
SECURITY.mdpointing vulnerability reports to GitHub private vulnerability reporting.Why
This supports the repository security settings work by adding the file-backed automation needed before requiring security checks on
main.Verification
scripts/php-lint.shscripts/check-source-only.shscripts/check-file-modes.shscripts/check-assets.shgit diff --check