File tree Expand file tree Collapse file tree 1 file changed +5
-3
lines changed
Expand file tree Collapse file tree 1 file changed +5
-3
lines changed Original file line number Diff line number Diff line change 5757 auto
5858 p/ci
5959 r/yaml.github-actions
60- /opt /saleor-rules/yaml
61- /opt /saleor-rules/typescript
60+ ${{ runner.temp }} /saleor-rules/yaml
61+ ${{ runner.temp }} /saleor-rules/typescript
6262# yaml.github-actions.[...].run-shell-injection is duplicate of saleor-rules.yaml.github-actions.script-injection
6363 DEFAULT_EXCLUDE_RULE_IDS : |
6464 yaml.github-actions.security.run-shell-injection.run-shell-injection
@@ -102,7 +102,9 @@ jobs:
102102 # Note: the directory name will be used for rule IDs
103103 # (e.g., saleor-rules.typescript.my-check).
104104 # Thus avoid changing the path and ensure the name is meaningful.
105- path : /opt/saleor-rules
105+ # NOTE: this needs to be outside ./ otherwise Semgrep will scan that folder
106+ # as well.
107+ path : ${{ runner.temp }}/saleor-rules
106108 set-safe-directory : false
107109
108110 - name : Run Semgrep Rules
You can’t perform that action at this time.
0 commit comments