Hello everyone,

I have not seen a single time that the security analysis job, CodeQL, produced any valuable output. I've seen it failing for no reason a few times, though. And the Python analysis takes 20 minutes of build-job time. And it adds some complexity to cancelling duplicate jobs.

We've done some optimizations recently, and following that, I have a feeling that only running this analysis job in master is a better approach. There is very little chance we will miss any warning there (we are basing part of our workflow on the fact that the master build is green (for example, to push a new version of master prod images) and we will likely get more of it). How about doing exactly this: only running CodeQL in master/v1-10-test?

J.

--
Jarek Potiuk
Polidea <https://www.polidea.com/> | Principal Software Engineer
M: +48 660 796 129
