vrr/openclaw
2
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-21 19:15:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 19

chore(ci): add MCP process CodeQL shard

Browse source 
Adds the focused MCP/process/tool-execution CodeQL security shard and documents it in CI docs.

Proof:
- Branch CodeQL security run https://github.com/openclaw/openclaw/actions/runs/25132942030 passed on 9d8ca2bae7.
- New mcp-process-tool-boundary analysis 1200250367 returned 0 results.
- Branch open CodeQL alerts: none.
- Workflow Sanity, Blacksmith Testbox, Blacksmith Build Artifacts Testbox, and OpenGrep PR Diff passed.
This commit is contained in:
Vincent Koc 2026-04-29 13:48:53 -07:00 committed by GitHub
parent 06fcd3b60e
commit cd6efd1a42
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 68 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.github/workflows/codeql.yml vendored
View file

@ -51,6 +51,11 @@ jobs:
runs_on: blacksmith-4vcpu-ubuntu-2404
timeout_minutes: 25
config_file: ./.github/codeql/codeql-network-ssrf-boundary-critical-security.yml
- language: javascript-typescript
category: mcp-process-tool-boundary
runs_on: blacksmith-4vcpu-ubuntu-2404
timeout_minutes: 25
config_file: ./.github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml
- language: actions
category: actions
runs_on: blacksmith-8vcpu-ubuntu-2404