Browse code
Merge pull request #385 from fiddlerwoaroof/fiddlerwoaroof-patch-1
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,37 @@ |
| 1 |
+# This workflow file requires a free account on Semgrep.dev to |
|
| 2 |
+# manage rules, file ignores, notifications, and more. |
|
| 3 |
+# |
|
| 4 |
+# See https://semgrep.dev/docs |
|
| 5 |
+ |
|
| 6 |
+name: Semgrep |
|
| 7 |
+ |
|
| 8 |
+on: |
|
| 9 |
+ push: |
|
| 10 |
+ branches: [ master, * ] |
|
| 11 |
+ pull_request: |
|
| 12 |
+ # The branches below must be a subset of the branches above |
|
| 13 |
+ branches: [ master ] |
|
| 14 |
+ schedule: |
|
| 15 |
+ - cron: '23 4 * * 6' |
|
| 16 |
+ |
|
| 17 |
+jobs: |
|
| 18 |
+ semgrep: |
|
| 19 |
+ name: Scan |
|
| 20 |
+ runs-on: ubuntu-latest |
|
| 21 |
+ steps: |
|
| 22 |
+ # Checkout project source |
|
| 23 |
+ - uses: actions/checkout@v2 |
|
| 24 |
+ |
|
| 25 |
+ # Scan code using project's configuration on https://semgrep.dev/manage |
|
| 26 |
+ - uses: returntocorp/semgrep-action@v1 |
|
| 27 |
+ with: |
|
| 28 |
+ publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
|
|
| 29 |
+ publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
|
|
| 30 |
+ generateSarif: "1" |
|
| 31 |
+ |
|
| 32 |
+ # Upload SARIF file generated in previous step |
|
| 33 |
+ - name: Upload SARIF file |
|
| 34 |
+ uses: github/codeql-action/upload-sarif@v1 |
|
| 35 |
+ with: |
|
| 36 |
+ sarif_file: semgrep.sarif |
|
| 37 |
+ if: always() |