Skip to content

Add CodeQL once application code exists #4

Description

@Mandal-OS

Goal

Add CodeQL scanning after real application code is added under �pps/ or shared code is added under packages/.

Why It Matters

The current repo is mostly documentation and local automation. CodeQL becomes more valuable once there is application logic, API handling, authentication, data processing, or frontend code to analyze.

Initial Scope

  • Add CodeQL workflow for the chosen language stack.
  • Keep workflow permissions minimal.
  • Run on pull requests and pushes to main.
  • Document how findings should be triaged.

Definition of Done

  • CodeQL workflow is active.
  • Alerts are visible in GitHub Security.
  • Security policy references the triage workflow.

Metadata

Metadata

Assignees

No one assigned

    Labels

    launch-readinessRelease, scale, operations, and production-readiness work.securitySecurity vulnerability, hardening, or risk reduction.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions