Added GitHub based code scans (#1170)

.github/workflows/analyze.yaml

@@ -1,12 +1,26 @@
 #
-# Repository validation
+# Repository analysis
 #
+
+# NOTES:
+# This worflow uses PSRule, CodeQL, and DevSkim.
+# You can read more about these linting tools and configuration options here:
+#   PSRule - https://aka.ms/ps-rule and https://github.com/Microsoft/PSRule.Rules.MSFT.OSS
+#   CodeQL - https://codeql.github.com/docs/codeql-overview/about-codeql/
+#   DevSkim - https://github.com/microsoft/DevSkim-Action and https://github.com/Microsoft/DevSkim
+
 name: Analyze
 on:
-- pull_request
+  push:
+    branches: [ main, 'release/*' ]
+  pull_request:
+    branches: [ main, 'release/*' ]
+  schedule:
+  - cron: '26 21 * * 0' # At 09:26 PM, on Sunday each week
+
 jobs:
-  analyze:
-    name: Analyze repository
+  oss:
+    name: Analyze with PSRule
     runs-on: ubuntu-latest
     steps:
 
@@ -18,3 +32,48 @@ jobs:
       with:
         modules: PSRule.Rules.MSFT.OSS
         prerelease: true
+
+  devskim:
+    name: Analyze with DevSkim
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v2.4.0
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@v1
+        with:
+          directory-to-scan: src/
+
+      - name: Upload results to security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: devskim-results.sarif
+
+  codeql:
+    name: Analyze with CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v2.4.0
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: 'csharp'
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

ps-rule.yaml

@@ -8,6 +8,11 @@
 input:
   pathIgnore:
   - '.vscode/'
+  - 'data/'
+  - '.config/'
+  - '.github/workflows/'
+  - '.azure-pipelines/**/*.yaml'
+  - 'docs/examples*.json'
   - '*.md'
   - '*.Designer.cs'
   - '*.resx'
@@ -15,6 +20,13 @@ input:
   - '*.txt'
   - '*.html'
   - '*.ico'
+  - 'ps-docs.yaml'
+  - 'ps-project.yaml'
+  - 'ps-rule.yaml'
+  - 'mkdocs.yml'
+  - '**/.editorconfig'
+  - '.markdownlint.json'
+  - '.github/dependabot.yml'
 
 include:
   path: []