Adds job for scanning dependencies (#25)

onlinejudge95 · web-flow · commit 09a4362127f8 · 2022-10-16T00:30:35.000+05:30
* Adds job for scanning dependencies

* Adds job for CodeQL Scan
diff --git a/.github/workflows/mr_ci.yml b/.github/workflows/mr_ci.yml
@@ -40,3 +40,34 @@ jobs:
       run: |
         pytest --no-cov-on-fail --cov argocd --cov-report html --cov-report term --cov-report xml tests/unit
         ./codecov -t ${CODECOV_TOKEN} -F unit
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2
+  analyze:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
+
