Mergifyio
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 8 additions & 0 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎.mergify.yml‎
Lines changed: 1 addition & 0 deletions b/‎.mergify.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎poe.toml‎
Lines changed: 1 addition & 1 deletion b/‎poe.toml‎
Lines changed: 1 addition & 1 deletion
@@ -26,3 +26,11 @@ jobs:
           poetry run poe linters
           poetry run poe test
           poetry build
+  semgrep:
+    timeout-minutes: 20
+    runs-on: ubuntu-24.04
+    container:
+      image: semgrep/semgrep:1.138.0
+    steps:
+      - uses: actions/checkout@v5
+      - run: tools/semgrep
@@ -9,6 +9,7 @@ queue_rules:
           - check-success=Test with Python 3.10
           - check-success=Test with Python 3.11
           - check-success=Test with Python 3.12
+          - check-success = semgrep
       - "#approved-reviews-by>=1"
       - "#changes-requested-reviews-by=0"
       - "#review-threads-unresolved=0"
 
@@ -15,7 +15,7 @@ sequence = ["ruff check .", "ruff format --check .", "deptry .", "mypy"]
 [tool.poe.tasks.semgrep]
 deps = ["setup"]
 help = "Run SAST tools"
-cmd = "semgrep --config=auto --error --timeout=15"
+cmd = "tools/semgrep"
 
 [tool.poe.tasks.test]
 deps = ["setup"]