Merge pull request #78 from debdevops/hotfix/remove-unused #134

Workflow file for this run

	# CodeQL Security Scan — SAST for C# and TypeScript
	# Scans source code for vulnerabilities: SQL injection, XSS, path traversal,
	# insecure crypto, unsafe deserialization, hardcoded credentials, and more.
	# Results appear in: Security tab → Code scanning alerts
	# Cost: FREE on public GitHub repositories
	name: CodeQL Security Scan

	on:
	push:
	branches:
	- main
	- develop
	- 'release'
	- 'bugfix/**'
	- 'feature/**'
	- 'hotfix/**'
	pull_request:
	branches:
	- main
	- develop
	- 'release'
	- 'bugfix/**'
	- 'feature/**'
	- 'hotfix/**'

	schedule:
	# Run full scan weekly on Sunday at 2 AM IST (8:30 PM UTC Saturday)
	- cron: '30 20 * * 6'

	jobs:
	analyze-csharp:
	name: Scan C# (.NET Backend)
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write # Required to upload CodeQL results

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up .NET
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: '10.0.x'

	- name: Initialize CodeQL for C#
	uses: github/codeql-action/init@v3
	with:
	languages: csharp
	config-file: .github/codeql/codeql-config.yml
	# Use extended security queries for broader coverage
	queries: security-extended

	- name: Restore dependencies
	run: dotnet restore services/api/ServiceHub.sln

	- name: Build for CodeQL analysis
	# CodeQL needs to observe the build to understand the code
	run: \|
	dotnet build services/api/ServiceHub.sln \
	--configuration Release \
	--no-restore

	- name: Perform CodeQL analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:csharp"

	analyze-typescript:
	name: Scan TypeScript (React Frontend)
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20.x'
	cache: 'npm'
	cache-dependency-path: apps/web/package-lock.json

	- name: Initialize CodeQL for TypeScript
	uses: github/codeql-action/init@v3
	with:
	languages: javascript-typescript
	config-file: .github/codeql/codeql-config.yml
	queries: security-extended

	- name: Install dependencies
	working-directory: apps/web
	run: npm ci --include=optional

	- name: Build for CodeQL analysis
	working-directory: apps/web
	# TypeScript build helps CodeQL resolve types accurately
	run: npx tsc -b --noEmit \|\| true

	- name: Perform CodeQL analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:javascript-typescript"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #78 from debdevops/hotfix/remove-unused #134

Workflow file

Merge pull request #78 from debdevops/hotfix/remove-unused #134

Uh oh!

Workflow file for this run