How to identify support for GitHub CI
Question
While I use Jenkins for my CI, is it possible to use GitHub Actions for the code scanning portion of my CI, and if so, how do I tell if my repository can be scanned using GitHub Actions?
Answer
In many scenarios it is possible you will not need to modify your existing CI to use Jenkins for code scanning. If your build process does not require access to resources behind the Veterans Affairs firewall, you can use GitHub Actions for code scanning.
To determine if your repository can be scanned using GitHub Actions, check to see if the Checks
tab of the Configure CodeQL
pull request had any failed tests in the CodeQL
section in the left-hand pane. If there are no failed tests, you can use GitHub Actions for code scanning by following the steps in the How to enable CodeQL for GitHub Actions technical note.
If there were failed tests, and you don’t need access to dependencies behind the VA firewall, you can use GitHub Actions for code scanning by following the steps in the How to enable CodeQL for GitHub Actions technical note.