Vincent Koc
|
e10f493160
|
ci: shard config codeql quality
Split config quality CodeQL results into a separate category while keeping the default quality bucket narrow.
|
2026-04-28 04:00:14 -07:00 |
|
Vincent Koc
|
5820a48fca
|
ci: add plugin boundary codeql quality shard (#73447)
|
2026-04-28 02:30:33 -07:00 |
|
Vincent Koc
|
1278f0bcc0
|
fix(codeql): tune Android pinning profile
Remove noisy missing-certificate-pinning query from the critical Android CodeQL profile; gateway TLS uses custom certificate fingerprint pinning.
|
2026-04-27 23:04:16 -07:00 |
|
Vincent Koc
|
2bce63cb65
|
fix(android): harden canvas webview bridge (#73240)
* fix(android): harden canvas webview bridge
* fix(android): make canvas content access hardening explicit
* fix(android): keep webview hardening inline for CodeQL
* fix(android): avoid webview getter false positive
|
2026-04-27 21:41:01 -07:00 |
|
Vincent Koc
|
36b5e34fc0
|
fix(ci): add macOS CodeQL security shard
Add a manual macOS CodeQL security shard scoped to app sources. Verified with profile=macos-security on Blacksmith in 16m55s.
|
2026-04-27 13:40:34 -07:00 |
|
Vincent Koc
|
74eccd42d8
|
fix(ci): add android CodeQL security shard
Add a manual Android CodeQL security shard scoped to app production sources. Verified with profile=android-security on Blacksmith in 4m22s.
|
2026-04-27 12:32:55 -07:00 |
|
Vincent Koc
|
e864fd39cc
|
fix(ci): narrow CodeQL critical scan (#72982)
|
2026-04-27 11:42:42 -07:00 |
|
Mason Huang
|
5d4931cc3f
|
CI: trim CodeQL JavaScript scope (#71347)
|
2026-04-25 09:57:12 +08:00 |
|
Vincent Koc
|
b6520d7172
|
CI: scope CodeQL JavaScript analysis
|
2026-03-08 10:29:56 -07:00 |
|