Added Semgrep CI/CD scan

Voidd · Voidd · commit 83970fe42167 · 2024-05-14T09:41:36.000-07:00
Updated semgrep.yml file to fix error about dependabot not found
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -1,14 +1,19 @@
-name: Run semgrep checks
-
+name: Semgrep
 on:
   pull_request:
-      branches: [main, master]
-
-permissions:
-  contents: read
+  workflow_dispatch:
 
 jobs:
-  run-semgrep-reusable-workflow:
-    uses: snowflakedb/reusable-workflows/.github/workflows/semgrep-v2.yml@main
-    secrets:
-      token: ${{ secrets.SEMGREP_APP_TOKEN }}
+  semgrep:
+    name: Run Semgrep 
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    container:
+      # A Docker image with Semgrep installed. Do not change this.
+      image: returntocorp/semgrep
+    #if: (github.actor != dependabot[bot])
+    steps:
+      - uses: actions/checkout@v4
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN_PUBLIC }}
