Enable GitHub CodeQL scanning #19

@lornakelly

Description

Summary

Configure GitHub’s CodeQL code scanning for this repository to analyze the JavaScript/TypeScript codebase, catch common security issues early, and surface findings in the repo Security → Code scanning alerts.

Goals

  • Enable CodeQL analysis for JS/TS to detect common vulnerabilities and insecure patterns.
  • Run analysis automatically via GitHub Actions and publish results to the Security tab.
  • Keep configuration lightweight and maintainable for an OSS repo.

Non-Goals

  • Custom CodeQL queries on day one.
  • Scanning non-JS/TS languages unless required.
  • Treating CodeQL as a replacement for unit tests/linting.
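A workflow that meets the goals above, added here as an illustration rather than the repository's own configuration. It assumes the default branch is `main` and the file lives at `.github/workflows/codeql.yml`; it runs only the default JS/TS query suite, so no custom queries are involved.

```yaml
# .github/workflows/codeql.yml  (assumed path; example, not the repo's file)
name: CodeQL

on:
  push:
    branches: [main]            # assumed default branch
  pull_request:
    branches: [main]
  schedule:
    - cron: '30 3 * * 1'        # weekly run so newly added queries cover existing code

# Least-privilege token: the job only reads source and uploads SARIF results.
permissions:
  contents: read
  security-events: write        # required to publish alerts to Security -> Code scanning
  actions: read                 # needed on private repos to read workflow run status

jobs:
  analyze:
    name: Analyze (javascript-typescript)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          # JavaScript and TypeScript share one CodeQL extractor.
          # No "queries:" key: the default suite runs (custom queries are a non-goal).
          languages: javascript-typescript

      # JS/TS needs no build step: CodeQL extracts the source directly.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"
```

Alerts appear under Security → Code scanning once the first run completes; on pull requests, new findings are surfaced as check annotations on the changed lines.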
