-rw-r--r--.github/codeql/codeql-config.yml29
-rw-r--r--.github/codeql/edk2.qls24
-rw-r--r--.github/workflows/codeql-analysis.yml118
3 files changed, 0 insertions, 171 deletions
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index a51db141eb..0000000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-## @file
-# CodeQL configuration file for edk2.
-#
-# Copyright (c) Microsoft Corporation.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL config"
-
-# The following line disables the default queries. This is used because we want to enable on query at a time by
-# explicitly specifying each query in a "queries" array as they are enabled.
-#
-# See the following for more information about adding custom queries:
-# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
-
-#disable-default-queries: true
-
-queries:
- - name: EDK2 CodeQL Query List
- uses: ./.github/codeql/edk2.qls
-
-# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
-# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
-# to find the level of problems desired from the query.
-query-filters:
-- exclude:
- problem.severity:
- - warning
- - recommendation
diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
deleted file mode 100644
index 9bea9ba01f..0000000000
--- a/.github/codeql/edk2.qls
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- description: EDK2 (C++) queries
-
-# Bring in all queries from the official cpp-queries suite so individual queries can be explicitly enabled.
-
-- queries: '.'
- from: codeql/cpp-queries
-
-# Enable individual queries below.
-
-- include:
- id: cpp/conditionallyuninitializedvariable
-- include:
- id: cpp/infinite-loop-with-unsatisfiable-exit-condition
-- include:
- id: cpp/overflow-buffer
-- include:
- id: cpp/overrunning-write
-- include:
- id: cpp/overrunning-write-with-float
-- include:
- id: cpp/pointer-overflow-check
-- include:
- id: cpp/very-likely-overrunning-write
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 992b3b6f65..0000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-# @file
-# GitHub Workflow for CodeQL Analysis
-#
-# Copyright (c) Microsoft Corporation.
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL"
-
-on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
- paths-ignore:
- - '**/*.bat'
- - '**/*.md'
- - '**/*.py'
- - '**/*.rst'
- - '**/*.sh'
- - '**/*.txt'
-
- schedule:
- # https://crontab.guru/#20_23_*_*_4
- - cron: '20 23 * * 4'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: windows-2019
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - Package: "ArmPkg"
- ArchList: "IA32,X64"
- - Package: "CryptoPkg"
- ArchList: "IA32"
- - Package: "CryptoPkg"
- ArchList: "X64"
- - Package: "DynamicTablesPkg"
- ArchList: "IA32,X64"
- - Package: "FatPkg"
- ArchList: "IA32,X64"
- - Package: "FmpDevicePkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2Pkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2WrapperPkg"
- ArchList: "IA32,X64"
- - Package: "MdeModulePkg"
- ArchList: "IA32"
- - Package: "MdeModulePkg"
- ArchList: "X64"
- - Package: "MdePkg"
- ArchList: "IA32,X64"
- - Package: "PcAtChipsetPkg"
- ArchList: "IA32,X64"
- - Package: "PrmPkg"
- ArchList: "IA32,X64"
- - Package: "SecurityPkg"
- ArchList: "IA32,X64"
- - Package: "ShellPkg"
- ArchList: "IA32,X64"
- - Package: "SourceLevelDebugPkg"
- ArchList: "IA32,X64"
- - Package: "StandaloneMmPkg"
- ArchList: "IA32,X64"
- - Package: "UefiCpuPkg"
- ArchList: "IA32,X64"
- - Package: "UnitTestFrameworkPkg"
- ArchList: "IA32,X64"
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Install Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.11'
- cache: 'pip'
- cache-dependency-path: 'pip-requirements.txt'
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: 'cpp'
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
- # Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
- config-file: ./.github/codeql/codeql-config.yml
- # Note: Add new queries to codeql-config.yml file as they are enabled.
-
- - name: Install/Upgrade pip Modules
- run: pip install -r pip-requirements.txt --upgrade
-
- - name: Setup
- run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Update
- run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Build Tools From Source
- run: python BaseTools/Edk2ToolsBuild.py -t VS2019
-
- - name: CI Build
- run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Package }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2