diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index a51db141eb..0000000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-## @file
-# CodeQL configuration file for edk2.
-#
-# Copyright (c) Microsoft Corporation.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL config"
-
-# The following line disables the default queries. This is used because we want to enable on query at a time by
-# explicitly specifying each query in a "queries" array as they are enabled.
-#
-# See the following for more information about adding custom queries:
-# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
-
-#disable-default-queries: true
-
-queries:
- - name: EDK2 CodeQL Query List
- uses: ./.github/codeql/edk2.qls
-
-# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
-# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
-# to find the level of problems desired from the query.
-query-filters:
-- exclude:
- problem.severity:
- - warning
- - recommendation
diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
deleted file mode 100644
index 9bea9ba01f..0000000000
--- a/.github/codeql/edk2.qls
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- description: EDK2 (C++) queries
-
-# Bring in all queries from the official cpp-queries suite so individual queries can be explicitly enabled.
-
-- queries: '.'
- from: codeql/cpp-queries
-
-# Enable individual queries below.
-
-- include:
- id: cpp/conditionallyuninitializedvariable
-- include:
- id: cpp/infinite-loop-with-unsatisfiable-exit-condition
-- include:
- id: cpp/overflow-buffer
-- include:
- id: cpp/overrunning-write
-- include:
- id: cpp/overrunning-write-with-float
-- include:
- id: cpp/pointer-overflow-check
-- include:
- id: cpp/very-likely-overrunning-write
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 992b3b6f65..0000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-# @file
-# GitHub Workflow for CodeQL Analysis
-#
-# Copyright (c) Microsoft Corporation.
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL"
-
-on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
- paths-ignore:
- - '**/*.bat'
- - '**/*.md'
- - '**/*.py'
- - '**/*.rst'
- - '**/*.sh'
- - '**/*.txt'
-
- schedule:
- # https://crontab.guru/#20_23_*_*_4
- - cron: '20 23 * * 4'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: windows-2019
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - Package: "ArmPkg"
- ArchList: "IA32,X64"
- - Package: "CryptoPkg"
- ArchList: "IA32"
- - Package: "CryptoPkg"
- ArchList: "X64"
- - Package: "DynamicTablesPkg"
- ArchList: "IA32,X64"
- - Package: "FatPkg"
- ArchList: "IA32,X64"
- - Package: "FmpDevicePkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2Pkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2WrapperPkg"
- ArchList: "IA32,X64"
- - Package: "MdeModulePkg"
- ArchList: "IA32"
- - Package: "MdeModulePkg"
- ArchList: "X64"
- - Package: "MdePkg"
- ArchList: "IA32,X64"
- - Package: "PcAtChipsetPkg"
- ArchList: "IA32,X64"
- - Package: "PrmPkg"
- ArchList: "IA32,X64"
- - Package: "SecurityPkg"
- ArchList: "IA32,X64"
- - Package: "ShellPkg"
- ArchList: "IA32,X64"
- - Package: "SourceLevelDebugPkg"
- ArchList: "IA32,X64"
- - Package: "StandaloneMmPkg"
- ArchList: "IA32,X64"
- - Package: "UefiCpuPkg"
- ArchList: "IA32,X64"
- - Package: "UnitTestFrameworkPkg"
- ArchList: "IA32,X64"
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Install Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.11'
- cache: 'pip'
- cache-dependency-path: 'pip-requirements.txt'
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: 'cpp'
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
- # Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
- config-file: ./.github/codeql/codeql-config.yml
- # Note: Add new queries to codeql-config.yml file as they are enabled.
-
- - name: Install/Upgrade pip Modules
- run: pip install -r pip-requirements.txt --upgrade
-
- - name: Setup
- run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Update
- run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Build Tools From Source
- run: python BaseTools/Edk2ToolsBuild.py -t VS2019
-
- - name: CI Build
- run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Package }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2