Hi all, I enabled GitHub code scanning for all merges to master, and also for any PR. You can see the results here:
https://github.com/apache/cxf/security/code-scanning Currently there are 11 issues outstanding. I haven't been able to figure out yet how to exclude test code from the analysis for Java, so if anyone knows how to configure it, that'd be great: https://github.com/apache/cxf/blob/master/.github/workflows/codeql-analysis.yml Colm.
