1 possible answer(s) on “Add CodeQL security analysis to GitHub Actions workflows”

  1. If CodeQL is able to reliably detect use of unsafe array iteration or report where primordials should be used, I’d be up for that, personally. I guess it depends how configurable it is; I agree it’s not helpful if it produces more false positives than useful warnings.