github: Add a code security scan

Add a code security scan, CodeQL to the Github Actions
continuous integration.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index bea76597f4fc125cd6649f02bd934e2ebcd12e6f..61718eb8cbbd9aef08451ddecdf475042d9545c6 100644 (file)
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -34,6 +34,22 @@ jobs:
           echo "Cleaning up previous run"
           rm -rf "${{ github.workspace }}"
 
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        submodules: false
+    - uses: github/codeql-action/init@v1
+      with:
+        languages: cpp, python
+    - name: Initialize the directory
+      uses: ./.github/actions/setup-libcgroup
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
+
   doxygen:
     name: Doxygen
     # Only run Doxygen against the main branch