Action Required: Configure CodeQL

[veterans-affairs-code-scanning]

Action Required!

Automated source code scanning for potential security issues using CodeQL, Dependabot, and Secret Scanning is required for all repositories in the VA GitHub Enterprise Cloud.

There are steps that you will need to take to configure your repository to enable CodeQL code scanning. Dependabot and Secret Scanning will be automatically configured.

Our automation has analyzed your repository and identified the following supported CodeQL languages.

• ruby

The steps that you will need to take to configure your repository to enable CodeQL code scanning will be different depending on whether you are using GitHub CI tools or the external Jenkins CI tool:

• Start here if you're using GitHub CI
• Start here if you're using Jenkins CI

Additional resources that you will need when you are configuring your repository to enable CodeQL using the guidance provided in the above-linked technical notes include the following:

• Software Assurance System ID Catalog
• Edit CodeQL Analysis Workflow
• Add Excluded Languages List
• Update Production Branch
• Remove Pull Request Trigger
• Create Custom Build Script

To request technical support:

• Please book a meeting with OIS ISO SAVD Software Assurance