
Enable CodeQL Advanced Security Scanning #48

Open
ghas-management[bot] wants to merge 1 commit into master from ghas-codeql-advanced-setup-20260317-165134


@ghas-management

CodeQL Advanced Security Scanning

This PR adds CodeQL security scanning to your repository using GitHub Advanced Security.

What's Included

  • Automated scanning on a daily schedule (can be changed to scan on push and pull requests by uncommenting the relevant lines in the workflow)
  • Security alerts will appear in the Security tab

Language Coverage

Covered by this workflow: Actions, Go

Not supported by CodeQL: CSS, Io, Procfile

Manual Configuration Required

Your repository includes Go, which requires manual build configuration.

You will need to substitute IMAGE_PLACEHOLDER and BUILD_COMMAND_PLACEHOLDER in the workflow with the appropriate settings for building your app. See How to run CodeQL analysis for compiled languages (e.g., Kotlin, Go)? for step-by-step instructions.

Already Have a Working Workflow?

If you already have a working CodeQL workflow in place, you can continue using it. See our FAQ for more details.

Next Steps

  1. Review the workflow configuration
  2. Merge this PR to enable CodeQL scanning
  3. If you keep the workflow scheduled for daily runs, you can use workflow dispatch to trigger the first scan
  4. Check security findings in the Security tab

This PR was automatically created by the GHAS management tool.

More details about EE AppSec can be found here. If you have any questions, please reach out to us via EE Teams/Slack channels or tag us with @ee-security in this PR.

If you believe your repository does not require automated security scanning, see our FAQ for guidance on how to proceed.

Adds CodeQL workflow for security scanning
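
Added example, not the workflow file from this PR: a sketch of the Go analysis job showing where a container image and a build command typically sit in a CodeQL advanced workflow with a manual build. The values `golang:1.22` and `go build ./...`, the cron time, the job name, and the placement of the two placeholders are assumptions.

```yaml
# Added sketch; not the workflow file from this PR.
name: CodeQL Advanced (Go job only)

on:
  schedule:
    - cron: "30 2 * * *"      # daily; the time is a constructed value
  workflow_dispatch:           # manual trigger for the first scan
  # Uncomment to also scan on push and pull requests:
  # push:
  #   branches: [master]
  # pull_request:
  #   branches: [master]

permissions:
  contents: read               # least privilege by default

jobs:
  analyze-go:
    runs-on: ubuntu-latest
    container:
      image: golang:1.22       # assumed value for IMAGE_PLACEHOLDER
    permissions:
      contents: read
      security-events: write   # needed to upload results to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go
          build-mode: manual   # CodeQL observes the build step below
      - name: Build
        run: go build ./...    # assumed value for BUILD_COMMAND_PLACEHOLDER
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"
```

With a manual build, the build step has to run between `init` and `analyze` and has to actually compile the Go packages you want scanned; code that is not built in that window is not analyzed.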