Run default semgrep test suite for actions (#16)

billnapier · web-flow · commit e0df38f49706 · 2025-03-31T10:21:17.000-07:00
* also run github-actions ruleset

* yamlformat new yaml files.
diff --git a/.github/workflows/action_scanning.yml b/.github/workflows/action_scanning.yml
@@ -25,7 +25,8 @@ jobs:
           repository: 'google/github-team'
           path: action_scanning
       - name: 'Run Actions semgrep scan'
-        run: 'semgrep scan --sarif --config action_scanning/semgrep-rules/actions >> semgrep-results-actions.sarif'
+        run: 'semgrep scan --sarif --config action_scanning/semgrep-rules --config "p/github-actions"
+          >> semgrep-results-actions.sarif'
       - name: 'Save Actions SARIF results as artifact'
         uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02' # ratchet:actions/upload-artifact@v4
         with:
