Reenable CodeQL for SDL compliance by DaveTryon · Pull Request #951 · microsoft/sbom-tool
As called out in #948, we are not currently running CodeQL, which is a compliance violation. This PR backs out the change from #916 and part of the change from #913, leaving us with osx-arm64 being tested in every PR and in the release validation pipelines, and CodeQL being run in the CI pipeline. Here's the full table, just for reference:

| Pipeline | Job | Builds | Test OS | CodeQL |
|---|---|---|---|---|
| PR | windows | windows | windows | No |
| PR | linux | linux | linux | No |
| PR | osx | osx | osx | No |
| PR | osx-arm64 | osx-arm64 | osx-arm64 | No |
| CI | windows | windows | windows | Yes |
| CI | linux | linux | linux | Yes |
| CI | osx | osx | osx | Yes |
| CI | osx-arm64 | osx-arm64 | osx | Yes |
| Release validation | windows | n/a | windows | No |
| Release validation | linux | n/a | linux | No |
| Release validation | osx | n/a | osx | No |
| Release validation | osx-arm64 | n/a | osx-arm64 | No |