ci: create sast workflow

Signed-off-by: Leonardo Di Donato <[email protected]>

Author: leodido

.github/workflows/sast.yml

@@ -0,0 +1,61 @@
+name: sast
+
+on:
+  push:
+    branches: ['develop']
+  pull_request:
+    branches: ['develop']
+
+jobs:
+  analyze:
+    name: analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: true
+      matrix:
+        language: [ 'go' ]
+        go: [
+            '1.22',
+            '1.23',
+            '1.24',
+        ]
+        include:
+          # Set the minimum Go patch version for the given Go minor
+          - go: '1.22'
+            GO_VERSION: '~1.22.0'
+          - go: '1.23'
+            GO_VERSION: '~1.23.0'
+          - go: '1.24'
+            GO_VERSION: '~1.24.0'
+
+    steps:
+      - name: Check out the source code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Go ${{ matrix.go }}
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ matrix.GO_VERSION }}
+          check-latest: true
+
+      - name: CodeQL initialization
+        uses: github/codeql-action/init@efffb483ec7bb162c4b7935f8b35ab6b94136c7b # v2.21.0
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      - name: Build
+        run: |
+            sudo apt-get install -y ragel
+            make
+
+      - name: CodeQL analysis
+        uses: github/codeql-action/analyze@efffb483ec7bb162c4b7935f8b35ab6b94136c7b # v2.21.0
+        with:
+          category: "/language:${{matrix.language}}"
+