CodeQL, GitHub's semantic code analysis tool, now supports Swift. This lets you run static analysis on your codebases and get alerted to vulnerabilities such as SQL injection.
To set it up, go to your repository's settings page and click Code Security and Analysis:
Under Code Scanning select Set up for CodeQL analysis:
Default will try to set up the project for you with preconfigured options:
If your repo supports multiple languages you may want to customise it:
At the time of writing Swift support is still in Beta.
I've found that Swift packages need to be manually built, but it does support Swift 5.8 and Linux now. To do so, define a workflow file for CodeQL:
```yaml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  run-codeql-linux:
    name: Run CodeQL on Linux
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: swift
      - name: Build
        run: swift build
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```
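As an added example (not from the original post), here is the same workflow extended with a build matrix for a repository that mixes Swift with another language: Swift keeps its explicit `swift build` step, while the other language uses CodeQL's autobuild action. The language list and branch names are assumptions.

```yaml
name: "CodeQL (multi-language)"

on:
  push:
    branches: [ "main" ]          # assumed branch name
  pull_request:
    branches: [ "main" ]

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      security-events: write      # required to upload results to Code Scanning
      actions: read
      contents: read
    strategy:
      fail-fast: false            # one language failing should not hide the others' results
      matrix:
        language: [ "swift", "javascript" ]   # assumed set of languages in the repo
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}

      # Swift packages are built explicitly, as in the single-language workflow.
      - name: Build Swift package
        if: matrix.language == 'swift'
        run: swift build

      # Other languages can rely on CodeQL's built-in autobuild step.
      - name: Autobuild
        if: matrix.language != 'swift'
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"
```

The `category` input keeps each language's results separate in the Security tab, so a Swift alert is not overwritten by the other language's upload.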
Once done, it will scan PRs and main for any security issues. Any issues will appear in the Security tab under Code Scanning:
N.B. I'm not affiliated with GitHub, but have worked on Swift support for Dependabot.