Add CodeQL analysis tool

# Proposal
Hello, I'm working on behalf of Google and the [Open Source Security Foundation][ossf] (OpenSSF) to help open-source projects improve their supply-chain security. Given kind-of project importance to the JavaScript community, the OpenSSF has identified it as one of the 100 most critical open source projects.

Would you consider adopting an analysis tool called [CodeQL][code-ql]? CodeQL scans your code for potential vulnerabilities and reports the results as code scanning alerts. It is developed by GitHub and can help improve the project's security posture.

Would you be interested in a PR adding this tool?

## Additional Context

To simplify maintainers' lives, CodeQL can be configured with [CodeQL GitHub Action][code-ql-action]. It runs on every change or pull request to the repository's main branch. This Action is recommended by [GitHub](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql) and [Scorecards](https://github.com/ossf/scorecard/blob/b491f40d44285453895d28b88a086149e4ed5bb3/docs/checks.md#sast).

Let me know if you have any questions!

[ossf]: https://openssf.org/
[code-ql]: https://codeql.github.com/
[code-ql-action]: https://github.com/github/codeql-action/



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add CodeQL analysis tool #43

Proposal

Additional Context

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Add CodeQL analysis tool #43

Description

Proposal

Additional Context

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions