[CI] CodeQL analyzes only javascript-typescript - the Soroban/Rust contracts (the security-critical core) get no CodeQL scan

[grantfox-oss]

Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0

Why this matters

codeql.yml restricts the language matrix to [javascript-typescript] and its header comment scopes it to backend/ and frontend/ only. The Rust smart contracts under contracts/ hold all the funds and lending logic yet receive no CodeQL static analysis (CodeQL now supports Rust). Add a rust matrix entry (build the wasm32 target in the autobuild/manual build step) so contract code is covered.

Acceptance criteria

• codeql.yml matrix includes a Rust language entry that builds the contracts workspace
• Results upload to the Security tab under a distinct category
• Scheduled and PR triggers cover the new language

Files to touch

• .github/workflows/codeql.yml
• contracts

Out of scope

• Triaging existing CodeQL alerts
• Wiring the dedicated cargo fuzz harness into CI (separate concern)

[mordabdul1]

Hello, I’ve gone through the requirements and I’m confident I can implement a proper solution that matches the acceptance criteria. Kindly assign this issue to me.

[mordabdul1]

Hello, I’ve gone through the requirements and I’m confident I can implement a proper solution that matches the acceptance criteria. Kindly assign this issue to me.

[ComputerOracle]

hello dear maintainer please assign me to this issue

[Michealshodipo56]

@Michealshodipo56 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would like to work on this kindly assign me

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Michealshodipo56 to this issue.

[Michael997glitch]

@Michael997glitch has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I’ve resolved similar problems in the past and am confident I can implement a clean, efficient fix quickly,if am given the opportunity.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Michael997glitch to this issue.

[eyooTech]

@eyooTech has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would want to help you implement this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @eyooTech to this issue.

[drips-wave]

Congratulations, @eyooTech! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @eyooTech: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊