Automation
CodeQL
CodeQL is a code analysis tool that integrates easily with GitHub Actions. It helps find vulnerabilities in code and improve code quality. Originally I triggered CodeQL on every PR creation, but I am adjusting this since I have determined that periodic execution is sufficient.
- In private repositories, paid billing is required to use it.
- Due to permission issues, when using the internal `GITHUB_TOKEN`, CodeQL may not be triggered by PR creation events. This is intended, and using a PAT is recommended. [1]
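The periodic setup described above, written out as a GitHub Actions workflow. This is an added example and not the post's own configuration: the cron cadence, the branch checked out, and the language list in the matrix are assumptions; the `actions/checkout`, `github/codeql-action/init` and `github/codeql-action/analyze` steps and the `permissions` keys are the documented ones.

```yaml
# Added example (not from the original post): a CodeQL workflow that runs on a
# weekly schedule and on manual dispatch instead of on every pull request.
# The cron expression and the language list below are assumptions.
name: CodeQL (scheduled)

on:
  schedule:
    - cron: "0 3 * * 1"   # every Monday 03:00 UTC (assumed cadence)
  workflow_dispatch:       # allow an on-demand run from the Actions tab

permissions:
  contents: read           # check out the code
  security-events: write   # upload SARIF results to code scanning
  actions: read            # required by the CodeQL action on private repos

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [javascript-typescript, python]   # assumed project languages
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Because the only triggers are `schedule` and `workflow_dispatch`, the workflow no longer depends on a `pull_request` event at all, so the `GITHUB_TOKEN` limitation noted above (workflow-created PRs not firing a CodeQL run) does not affect it. `security-events: write` is the one permission the analyze step needs to upload its results; the other two are read-only, which keeps the token scoped to what the job actually does.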