Add CodeQL security scanning

[jhutchings1]

Hi, I'm a PM on the GitHub security team. This repository is eligible to try the new GitHub Advanced Security code scanning beta.

Code scanning runs a static analysis tool called CodeQL which scans your code at build time to find any potential security issues. We've tuned the set of queries to be only the most severe, most precise issues. We'll show alerts in the security tab, and we'll show alerts for any net new vulnerabilities on pull requests as well. We've tried to make this super developer friendly, but we'd love your feedback as we work through the beta.

If you're interested in trying it out, you can merge this pull request to set up the Actions workflow.

[jhutchings1]

Hi @AtsushiSakai! The code scanning build is working. This will cover the same scenarios that LGTM does, although it uses a slightly smaller query set. If you'd like to use this instead of LGTM and use the same set of queries, let me know and I can help you get the right configuration in place.

[AtsushiSakai]

@jhutchings1 Hi. Thank you for your PR. The new features looks great!!.

If you'd like to use this instead of LGTM and use the same set of queries,

Yes, I'm interested in it, but I want to use both LGTM and the new one for comparing.

[jhutchings1]

You bet! I just pushed a change that extends code scanning to use the same set of queries as LGTM.

[AtsushiSakai]

@jhutchings1 Thank you!!. Is it possible to fix Code Factor warning? It reports there is a tailing white space.

[jhutchings1]

@jhutchings1 Thank you!!. Is it possible to fix Code Factor warning? It reports there is a tailing white space.

You bet. I just pushed a change that should fix that warning.

[AtsushiSakai]

Thank you so much!! I will merge it.