chore(sync): mirror docs from openclaw/openclaw@77192572f6
This commit is contained in:
parent
138104856b
commit
50ab45fe43
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "6cc6996a1c50030c93f01b2e741956da628caa66",
|
||||
"syncedAt": "2026-04-28T10:14:09.833Z"
|
||||
"sha": "77192572f62174aeb9d5d42e8901773aae611f50",
|
||||
"syncedAt": "2026-04-28T10:15:13.091Z"
|
||||
}
|
||||
|
||||
@ -230,14 +230,19 @@ or overlapping changed hunks.
|
||||
The `CodeQL` workflow is intentionally a narrow first-pass security scanner,
|
||||
not the full repository sweep. Daily and manual runs scan Actions workflow code
|
||||
plus the highest-risk JavaScript/TypeScript auth, secrets, sandbox, cron, and
|
||||
gateway surfaces with high-precision security queries. macOS remains a manual
|
||||
security shard so its runtime and alert quality can be tracked separately.
|
||||
gateway surfaces with high-precision security queries.
|
||||
|
||||
The `CodeQL Android Critical Security` workflow is the scheduled Android
|
||||
security shard. It builds the Android app manually for CodeQL on the smallest
|
||||
Blacksmith Linux runner label accepted by workflow sanity and uploads results
|
||||
under the `/codeql-critical-security/android` category.
|
||||
|
||||
The `CodeQL macOS Critical Security` workflow is the weekly/manual macOS
|
||||
security shard. It builds the macOS app manually for CodeQL on Blacksmith macOS,
|
||||
filters dependency build results out of the uploaded SARIF, and uploads results
|
||||
under the `/codeql-critical-security/macos` category. Keep it outside the daily
|
||||
default workflow because the macOS build dominates runtime even when clean.
|
||||
|
||||
The `CodeQL Critical Quality` workflow is the matching non-security shard. It
|
||||
runs only error-severity, non-security JavaScript/TypeScript quality queries
|
||||
over narrow high-value surfaces. Its baseline job scans the same auth, secrets,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user