✨ Add Semgrep OSS Example

Author: gilday

docs/code-scanning-tools/semgrep-issue-dashlist.png

@@ -9,8 +9,70 @@ Pixee can automatically triage and fix issues detected by [Semgrep](https://semg
 
 # GitHub Advanced Security
 
-No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Semgrep results that are uploaded as Code Scanning alerts.
+No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Semgrep results that are uploaded as Code Scanning alerts. Simply installing the Pixeebot GitHub App is sufficient.
 
 # Others
 
-Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize Semgrep findings with Pixee.
+Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action together with the Pixeebot GitHub App to synchronize Semgrep findings with Pixee.
+
+The following GitHub Action workflow example demonstrates how to include Semgrep vulnerability detection with Pixee fixes in a Java application:
+
+```yaml
+name: Analyze with Semgrep and Fix with Pixee
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: "17"
+          distribution: "temurin"
+
+      - name: Build with Maven
+        run: mvn --batch-mode verify
+
+      - name: Install Semgrep
+        run: |
+          python3 -m pip install semgrep
+
+      - name: Run Semgrep
+        run: |
+          semgrep --config auto --sarif --output webgoat-semgrep-results.sarif.json
+
+      - name: Fix with Pixee
+        uses: pixee/upload-tool-results-action@v2
+        with:
+          tool: semgrep
+          file: webgoat-semgrep-results.sarif.json
+```
+
+This workflow:
+
+1. Builds the Java project using Maven, to give Semgrep more context to find vulnerabilities.
+2. Runs semgrep OSS on the project and stores the results in a standard SARIF file.
+3. Runs the pixee/upload-tool-results-action that sends the SARIF file to Pixee.
+
+Once Pixee receives the Semgrep vulnerabilities, it recalls them on its next analysis of this commit.
+
+- When this commit the head of a pull request, then Pixee triggers its _PR Hardening_ analysis to fix as many Semgrep findings in this PR as it can.
+- When this commit is the head of the main branch, then Pixee uses these findings the next time its _Continuous Improvement Campaign_ analysis runs. Users may trigger such an analysis to occur immediately by issuing the chat command `@pixeebot next` in any PR or issue comment on this repository. Pixee's continuous improvement campaign shows the queue of fixes in Pixeebot Acitvity Dashboard issue.
+
+  ![Pixeebot Activity Dashboard issue](./semgrep-issue-dashlist.png)

docs/code-scanning-tools/semgrep.md

@@ -19,9 +19,11 @@ Also [contact us](https://pixee.ai/demo-landing-page) if you want to partner as
 
 ## Tool connections
 
-Pixee fixes problems detected by [your existing code scanning tools and
-services](/code-scanning-tools/overview). Therefore, you will need to connect
-Pixee to your code scanning tools and services, before Pixee sends fixes.
+Pixee fixes problems detected by [your existing code scanning tools and services](/code-scanning-tools/overview).
+
+If you use GitHub Advanced Security, then installing the Pixeebot GitHub App is sufficient for connecting Pixee to your GHAS results.
+
+Otherwise, you will need to connect Pixee to your code scanning tools and services, before Pixee can send fixes. If your repository does not use any code scanning tools and services, but you still want to try Pixee, see our guide for [adding Semgrep CLI and Pixee to your GitHub repository](./code-scanning-tools/semgrep.md).
 
 ## Repository access