https://romanoroth.com/en/tags/codeql/Recent content in CodeQL on Romano RothHugo -- gohugo.ioenRomano RothWed, 01 Feb 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-sast/Wed, 01 Feb 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-sast/<p>SCA covered our dependencies. License compliance covered what we are allowed to ship. SAST is where we point the scanners at the code we wrote ourselves. In Part 5 of our GitHub DevSecOps series, Patrick Steger and I add Static Application Security Testing to the pipeline — and find out the hard way that on GitHub it takes three Actions, not one.</p>