jomarko opened a new issue, #1171: URL: https://github.com/apache/incubator-kie-issues/issues/1171
We have active CodeQL scans in the apache/incubator-kie-tools repository. The problems I see with this scan can be put into two categories.

### Deprecated GitHub action

We currently use codeql-action@v2 (https://github.com/apache/incubator-kie-tools/blob/main/.github/workflows/ci_codeql.yml), which is deprecated (https://github.com/github/codeql-action?tab=readme-ov-file#supported-versions-of-the-codeql-action). The v3 uses Node 20; not sure if we are blocked by this ticket (https://github.com/apache/incubator-kie-issues/issues/392) from migrating codeql-actions.

### Results

They can be found here: https://github.com/apache/incubator-kie-tools/security/code-scanning. What I see as problematic is the amount: currently more than 400 issues. Such an amount of issues makes it difficult to assess what the actual code quality of the repository is. When we take a closer look at the reported issues, a lot of them are related to dev webapps. Should we scan all packages of kie-tools?

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
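One way to put a number on how many of the reported alerts come from dev webapps before deciding on scan scope, as an added example that is not part of the issue or the project's code. It assumes a SARIF 2.1.0 export of the scan results, a `packages/<name>/` directory layout, and that dev webapps can be recognized by a `dev-webapp` substring in the package name; the sample results are constructed.

```python
import json
from collections import Counter


def _result(rule, uri):
    """Build one constructed SARIF result entry for the sample below."""
    loc = {"physicalLocation": {"artifactLocation": {"uri": uri}}}
    return {"ruleId": rule, "locations": [loc] if uri else []}


# Constructed SARIF 2.1.0 fragment; package names and findings are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    _result("js/xss", "packages/editor-dev-webapp/src/index.tsx"),
    _result("js/xss", "packages/editor-dev-webapp/src/App.tsx"),
    _result("js/insecure-randomness", "packages/viewer-dev-webapp/src/ids.ts"),
    _result("js/path-injection", "packages/core-lib/src/fs.ts"),
    _result("js/unused-local-variable", ""),  # result without a location
]}]})


def package_of(uri):
    """Map a file URI to its package name (assumed packages/<name>/... layout)."""
    parts = uri.split("/")
    return parts[1] if len(parts) > 2 and parts[0] == "packages" else "(other)"


def alerts_per_package(sarif_text):
    """Count results per package, using each result's first location."""
    counts = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                          .get("artifactLocation", {})
                          .get("uri", ""))
            counts[package_of(uri)] += 1
    return counts


def dev_share(counts, marker="dev-webapp"):
    """Return (alerts in packages whose name contains marker, total alerts)."""
    dev = sum(n for pkg, n in counts.items() if marker in pkg)
    return dev, sum(counts.values())


if __name__ == "__main__":
    per_pkg = alerts_per_package(SAMPLE_SARIF)
    for pkg, n in per_pkg.most_common():
        print(f"{n:4d}  {pkg}")
    print("dev webapp alerts: %d of %d" % dev_share(per_pkg))
```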
