chore: add SAST scanning (#108)

* add SAST scanning

Refs #84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>

Author: justinabrahms

.github/workflows/pullrequest.yml

@@ -19,13 +19,19 @@ jobs:
     steps:
       - name: Check out the code
         uses: actions/checkout@v3
+
       - name: Set up JDK 8
         uses: actions/setup-java@v3
         with:
           java-version: '8'
           distribution: 'temurin'
           cache: maven
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: java
+
       - name: Cache local Maven repository
         uses: actions/cache@v3
         with:
@@ -44,3 +50,6 @@ jobs:
           name: coverage # optional
           fail_ci_if_error: true # optional (default = false)
           verbose: true # optional (default = false)
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2