Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .config/dotnet-tools.json
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,12 @@
"commands": [
"sonarmark"
]
},
"demaconsulting.sarifmark": {
"version": "1.0.1",
"commands": [
"sarifmark"
]
}
}
}
17 changes: 17 additions & 0 deletions .github/codeql-config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
# CodeQL configuration for TestResults
# Excludes test code from path-combine security analysis
# Excludes justified generic exception handlers

name: "TestResults CodeQL Config"

# Query filters to disable specific queries for certain paths
query-filters:
- exclude:
id: cs/path-combine
paths:
- test/**/*.cs
- exclude:
id: cs/catch-of-all-exceptions
paths:
- src/DemaConsulting.TestResults/Program.cs
20 changes: 18 additions & 2 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,8 @@ jobs:
uses: github/codeql-action/init@v4
with:
languages: csharp
build-mode: manual
queries: security-and-quality
config-file: ./.github/codeql-config.yml

- name: Restore Tools
run: >
Expand All @@ -215,7 +216,7 @@ jobs:
- name: Upload SARIF
uses: actions/upload-artifact@v6
with:
name: codeql-results
name: codeql-sarif
path: sarif-results/csharp.sarif

build-docs:
Expand Down Expand Up @@ -255,6 +256,12 @@ jobs:
path: test-results
merge-multiple: true

- name: Download CodeQL SARIF
uses: actions/download-artifact@v7
with:
name: codeql-sarif
path: codeql-results

- name: Generate Requirements Report and Trace Matrix
run: >
dotnet reqstream
Expand Down Expand Up @@ -304,6 +311,15 @@ jobs:
docs/tracematrix/tracematrix.html
"docs/TestResults Trace Matrix.pdf"

- name: Generate CodeQL Quality Report with SarifMark
shell: pwsh
run: >
dotnet sarifmark
--sarif codeql-results/csharp.sarif
--report docs/quality/codeql-quality.md
--heading "TestResults CodeQL Analysis"
--report-depth 1

- name: Generate Code Quality Report with SonarMark
shell: pwsh
env:
Expand Down
54 changes: 0 additions & 54 deletions .github/workflows/build_docs.yaml

This file was deleted.

1 change: 1 addition & 0 deletions docs/quality/definition.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ resource-path:

input-files:
- docs/quality/introduction.md
- docs/quality/codeql-quality.md
- docs/quality/sonar-quality.md

template: template.html
Expand Down