potiuk commented on a change in pull request #11211:
URL: https://github.com/apache/airflow/pull/11211#discussion_r498184364
##########
File path: .github/workflows/codeql-analysis.yml
##########
@@ -0,0 +1,66 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [master]
+ schedule:
+ - cron: '0 17 * * 3'
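Review bot: The `- cron: '0 17 * * 3'` entry under `schedule:` has no comment saying when it fires. GitHub Actions evaluates cron expressions in UTC, so this is Wednesdays at 17:00 UTC, and a one-line comment above it would save readers from decoding the expression. Also, `push` and `pull_request` on `master` stay enabled next to the schedule, so the analysis runs per commit as well as weekly; if the weekly run is the intended cadence, say so in a comment or drop the per-commit triggers.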
Review comment:
But I think this was deliberate. It's better to check in on a schedule
rather than per-commit because the vulnerabilities are really appearing by
someone adding new stuff but they are triggered by a CVE being reported. I think
a weekly schedule for those is a pretty good cadence.