CodeQL Security Scanning #87

	name: CodeQL Security Scanning

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main, develop ]
	schedule:
	# run at 6:00 am utc every monday
	- cron: '0 6 * * 1'

	permissions:
	actions: read
	contents: read
	security-events: write

	jobs:
	analyze:
	name: analyze java code
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	language: [ 'java-kotlin' ]

	steps:
	- name: checkout code
	uses: actions/checkout@v6

	- name: set up jdk 21
	uses: actions/setup-java@v5
	with:
	java-version: '21'
	distribution: 'corretto'
	cache: maven

	- name: initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality

	- name: build cdk-common dependency
	run: \|
	git clone https://github.com/fast-ish/cdk-common.git /tmp/cdk-common
	cd /tmp/cdk-common
	mvn clean install -DskipTests -B

	- name: build with maven
	run: mvn clean compile -DskipTests -B

	- name: perform CodeQL analysis
	uses: github/codeql-action/analyze@v4
	with:
	category: "/language:${{matrix.language}}"

Provide feedback