chore(codeql): try devskim

.github/workflows/devskim.yml

@@ -0,0 +1,30 @@
+name: DevSkim
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '41 20 * * 3'
+ workflow_dispatch:
+
+jobs:
+ lint:
+ name: DevSkim
+ runs-on: ubuntu-20.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Run DevSkim scanner
+ uses: microsoft/DevSkim-Action@v1
+
+ - name: Upload DevSkim scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: devskim-results.sarif