CodeQL Analysis #253

	name: CodeQL Analysis

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	# Run every Monday at 08:00 UTC
	- cron: '0 8 * * 1'

	jobs:
	analyze:
	name: Analyze (${{ matrix.language }})
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	contents: read
	actions: read

	strategy:
	fail-fast: false
	matrix:
	language:
	- csharp
	- javascript-typescript

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Setup .NET SDK
	if: matrix.language == 'csharp'
	uses: actions/setup-dotnet@v5
	with:
	dotnet-version: '9.0.x'

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality

	- name: Build (.NET)
	if: matrix.language == 'csharp'
	run: dotnet build src/backend/Blend.slnx --configuration Release

	- name: Autobuild (JavaScript/TypeScript)
	if: matrix.language == 'javascript-typescript'
	uses: github/codeql-action/autobuild@v4

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v4
	with:
	category: /language:${{ matrix.language }}

Provide feedback