Create wiki page to guide developers how to manage CodeQL alerts

[roslynwythe]

Overview

We require a wiki page to guide developers how to manage and resolve CodeQL alerts

Action Items

• We are currently in the process of moving the old wiki to the new website-wiki repo, so we will not be making any changes or additions to the old wiki at this time. Thus, we will be adding wiki content through a different process now. Read How to Contribute to the Wiki
• Create a wiki page "How to manage CodeQL alerts" that covers the following topics:
  • Overview of code scanning and its implementation in code.yml workflow
  • Important elements of the code scanning alert page and details, including the concept of the tracking issue
    • How to use alert tags to determine if an alert represents a security risk
    • Example query to find closed alerts of a specific query type
  • Options for resolving alerts
  • how to resolve specific alert query types
    • Unused variable, import, function or class (for sample resolution see https://github.com/hackforla/website/security/code-scanning/94)
    • Potentially unsafe external link (see sample resolved alert https://github.com/hackforla/website/security/code-scanning/3)
    • Malformed id attribute (see sample https://github.com/hackforla/website/security/code-scanning/25)
    • Missing variable declaration (for sample resolution see https://github.com/hackforla/website/security/code-scanning/49)
    • Use of returnless function
    • Syntax error (see sample https://github.com/hackforla/website/security/code-scanning/97 not resolved)
    • Inclusion of functionality from an untrusted source (see sample resolution https://github.com/hackforla/website/security/code-scanning/37)
    • Superfluous trailing arguments (for sample resolution see https://github.com/hackforla/website/security/code-scanning/35)

After this issue is completed

• Release dependency on Create new issue template for resolution of CodeQL alert #5242

Resources/Instructions

• This issue resulted from Epic: Manage CodeQL deployment #5005

[github-actions]

Hi @roslynwythe.

Please don't forget to add the proper labels to this issue. Currently, the labels for the following are missing:

• Complexity, Role, Feature, Size

NOTE: Please ignore this comment if you do not have 'write' access to this directory.

To add a label, take a look at Github's documentation here.

Also, don't forget to remove the "missing labels" afterwards.
To remove a label, the process is similar to adding a label, but you select a currently added label to remove it.

After the proper labels are added, the merge team will review the issue and add a "Ready for Prioritization" label once it is ready for prioritization.

Additional Resources:

• Wiki: How to create issues
• Wiki: How to read and interpret labels