[Product Security] Add or update CodeQL workflow

github-actions · github-actions · commit f146fb7d9c60 · 2025-11-07T15:59:54.000Z
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -0,0 +1,22 @@
+name: "CodeQL public repository scanning"
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: "0 0 * * *"
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+  packages: read
+
+jobs:
+  trigger-codeql:
+    uses: zendesk/prodsec-code-scanning/.github/workflows/codeql_advanced_shared.yml@production
