File tree Expand file tree Collapse file tree 1 file changed +49
-0
lines changed Expand file tree Collapse file tree 1 file changed +49
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+
6+ # This workflow file requires a free account on Semgrep.dev to
7+ # manage rules, file ignores, notifications, and more.
8+ #
9+ # See https://semgrep.dev/docs
10+
11+ name : Semgrep
12+
13+ on :
14+ push :
15+ branches : [ "master" ]
16+ pull_request :
17+ # The branches below must be a subset of the branches above
18+ branches : [ "master" ]
19+ schedule :
20+ - cron : ' 37 12 * * 3'
21+
22+ permissions :
23+ contents : read
24+
25+ jobs :
26+ semgrep :
27+ permissions :
28+ contents : read # for actions/checkout to fetch code
29+ security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
30+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
31+ name : Scan
32+ runs-on : ubuntu-latest
33+ steps :
34+ # Checkout project source
35+ - uses : actions/checkout@v4
36+
37+ # Scan code using project's configuration on https://semgrep.dev/manage
38+ - uses : returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735
39+ with :
40+ publishToken : ${{ secrets.SEMGREP_APP_TOKEN }}
41+ publishDeployment : ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
42+ generateSarif : " 1"
43+
44+ # Upload SARIF file generated in previous step
45+ - name : Upload SARIF file
46+ uses : github/codeql-action/upload-sarif@v3
47+ with :
48+ sarif_file : semgrep.sarif
49+ if : always()
You can’t perform that action at this time.
0 commit comments