feat(ci): add CodeQL security analysis workflow #6
Adds CodeQL analysis for Python using the pinned action SHA (v3.28.0). Runs on push/PR to main and weekly on Monday mornings. Uses harden-runner for supply-chain hardening and queries security-extended,security-and-quality. GitHub's CodeQL default setup must remain disabled for this repo so this workflow controls the scan configuration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Closing as redundant: CodeQL runs via the org reusable security-analysis workflow on PRs and main (Security Scan / CodeQL Analysis check), with the same python language matrix this standalone workflow defines. Repo-level CodeQL default setup was disabled 2026-06-10 in favor of that advanced config.



Adds CodeQL security analysis workflow. Part of standard security workflow set for python-package repos.