From ab4b5193e9446cdb9308a7fbd95a9bb4ef202583 Mon Sep 17 00:00:00 2001
From: BryanFRD <bryanferrando59@gmail.com>
Date: Mon, 30 Mar 2026 17:54:09 +0000
Subject: [PATCH 1/2] ci: add CodeQL workflow and badge

---
 .github/workflows/codeql.yml | 28 ++++++++++++++++++++++++++++
 README.md                    |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..0618bca
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,28 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [javascript-typescript, actions]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - uses: github/codeql-action/analyze@v3
+        with:
+          category: /language:${{ matrix.language }}
diff --git a/README.md b/README.md
index 466a945..4f9575a 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@
 [![Release](https://github.com/FerrFlow-Org/FerrFlow/actions/workflows/release.yml/badge.svg)](https://github.com/FerrFlow-Org/FerrFlow/actions/workflows/release.yml)
 [![Latest release](https://img.shields.io/github/v/release/FerrFlow-Org/FerrFlow)](https://github.com/FerrFlow-Org/FerrFlow/releases/latest)
 [![Coverage](https://codecov.io/gh/FerrFlow-Org/FerrFlow/graph/badge.svg)](https://codecov.io/gh/FerrFlow-Org/FerrFlow)
+[![CodeQL](https://github.com/FerrFlow-Org/FerrFlow/actions/workflows/codeql.yml/badge.svg)](https://github.com/FerrFlow-Org/FerrFlow/actions/workflows/codeql.yml)
 [![License](https://img.shields.io/github/license/FerrFlow-Org/FerrFlow)](LICENSE)
 
 Universal semantic versioning for monorepos and classic repos.

From 68910fab6b02f077093ea447ccac6e118f9d9491 Mon Sep 17 00:00:00 2001
From: BryanFRD <bryanferrando59@gmail.com>
Date: Mon, 30 Mar 2026 17:57:54 +0000
Subject: [PATCH 2/2] ci: retrigger CodeQL after disabling default setup