Bump NBGV, CodeQL Setup

.github/workflows/CLI-codeql-analysis.yml

@@ -0,0 +1,37 @@
+name: "Code Scanning - CLI"
+
+on:
+  push:
+    paths:
+    - DevSkim-DotNet/Microsoft.DevSkim/*
+    - DevSkim-DotNet/Microsoft.DevSkim.CLI/*
+  schedule:
+    - cron: '0 3 * * 3'
+
+jobs:
+  CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+      
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: csharp
+
+    - name: Build DevSkim CLI
+      run: |
+         dotnet restore Microsoft.DevSkim.CLI
+         dotnet build Microsoft.DevSkim.CLI -c Release
+      working-directory: ./DevSkim-DotNet
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/VS-codeql-analysis.yml

@@ -0,0 +1,40 @@
+name: "Code Scanning - VS Extension"
+
+on:
+  push:
+    paths:
+    - DevSkim-DotNet/Microsoft.DevSkim/*
+    - DevSkim-DotNet/Microsoft.DevSkim.VSExtension/*
+  schedule:
+    - cron: '0 3 * * 3'
+
+jobs:
+  CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
+    runs-on: windows-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@v1.0.0
+      
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: csharp
+
+    - name: Build DevSkim VS Extension
+      run: |
+         dotnet restore Microsoft.DevSkim.VSExtension
+         msbuild Microsoft.DevSkim.VSExtension /p:Configuration=Release /p:Platform=AnyCPU
+      working-directory: ./DevSkim-DotNet
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/VSCode-codeql-analysis.yml

@@ -0,0 +1,36 @@
+name: "Code Scanning - VSCode Plugin"
+
+on:
+  push:
+    paths:
+    - DevSkim-VSCode-Plugin/*
+  schedule:
+    - cron: '0 3 * * 3'
+
+jobs:
+  CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: javascript
+
+    - name: Build DevSkim VSCode Plugin
+      run: |
+         npm install
+         npm run pack-ext
+      working-directory: ./DevSkim-VSCode-Plugin
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/codeql-analysis.yml

@@ -1,45 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-  schedule:
-    - cron: '0 4 * * 5'
-
-jobs:
-  CodeQL-Build:
-
-    strategy:
-      fail-fast: false
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

DevSkim-VSCode-Plugin/lgtm.yml

@@ -1,6 +0,0 @@
-queries:
-  - include: js/jsdoc/unknown-parameter
-  - include: js/jsdoc/malformed-param-tag
-  - include: js/jsdoc/missing-parameter
-  - include: js/node/cyclic-import
-  - include: js/node/unused-npm-dependency

Directory.Build.props

@@ -2,7 +2,7 @@
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup>
     <PackageReference Include="Nerdbank.GitVersioning">
-      <Version>3.0.50</Version>
+      <Version>3.1.91</Version>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
   </ItemGroup>

version.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://raw.githubusercontent.com/AArnott/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+  "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
   "version": "0.4",
   "publicReleaseRefSpec": [
     "^refs/heads/master$",