hpvd opened a new issue, #17069: URL: https://github.com/apache/pulsar/issues/17069
### Search before asking

- [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.

### Motivation

Since https://github.com/apache/pulsar/pull/10855 we are doing dependency scans for vulnerabilities (CVEs = Common Vulnerabilities and Exposures) on a regular basis. That's really great!

Like always, there is more one can do. We could also scan for C**W**Es...

### Solution

GitHub allows open source projects like Pulsar the free usage of CodeQL. This tool tries to spot the C**W**Es (Common Weaknesses) in software written in different languages (and hardware), see https://cwe.mitre.org/

> If you haven't heard of [CodeQL](https://codeql.github.com/), it's GitHub's static code analysis engine that treats code like data and makes it queryable. Then, using a growing library of open source queries corresponding to known security vulnerability patterns, CodeQL scans your code to identify any potential issues.

The usage seems to be the same as the CVE scanner we use: simply a GitHub Action that uploads a report in the end.

For setup see: https://github.com/github/codeql-action

It would be really interesting to give it a test run on a small component of Pulsar and see if it can catch anything valuable without too many false positives.

### Alternatives

_No response_

### Anything else?

_No response_

### Are you willing to submit a PR?

- [ ] I'm willing to submit a PR!
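The trial setup the issue asks for, as an added example (not from the issue author or the Pulsar project): a `codeql-action` workflow for a Java code base, scoped to one module via a CodeQL config file so the first run stays small. The module path `pulsar-common/`, the JDK version and the file names are assumptions; the action names, inputs and the `security-extended` query suite are real `codeql-action` features.

```yaml
# .github/workflows/codeql.yml  (assumed path)
name: CodeQL (CWE scan)

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
    - cron: '0 3 * * 1'   # weekly, like a dependency scan

permissions:
  contents: read
  security-events: write  # needed to upload the SARIF report

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: '17'   # assumption: match the project's build JDK

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: java
          # security-extended adds lower-precision CWE queries; drop it
          # if the trial run produces too many false positives.
          queries: security-extended
          config-file: ./.github/codeql/codeql-config.yml

      # Builds the Java sources so CodeQL can extract a database.
      - uses: github/codeql-action/autobuild@v2

      # Runs the queries and uploads results to the Security tab.
      - uses: github/codeql-action/analyze@v2
---
# .github/codeql/codeql-config.yml  (assumed path)
name: "Pulsar trial scan"
paths:
  - pulsar-common        # assumption: one small module for the first run
paths-ignore:
  - '**/src/test/**'     # keep test code out of the initial findings
```

Each finding in the Security tab carries the CWE identifier of the query that produced it, which is what lets the results be triaged alongside the existing CVE scan.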