Create semgrep-analysis.yml
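--- a/semgrep-analysis.yml
+++ b/semgrep-analysis.yml
@@ -0,0 +1,37 @@
+# This workflow file requires a free account on Semgrep.dev to
+# manage rules, file ignores, notifications, and more.
+#
+# See https://semgrep.dev/docs
+
+name: Semgrep
+
+on:
+  push:
+    branches: [ master, * ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '23 4 * * 6'
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout project source
+      - uses: actions/checkout@v2
+
+      # Scan code using project's configuration on https://semgrep.dev/manage
+      - uses: returntocorp/semgrep-action@v1
+        with:
+          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+          publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
+          generateSarif: "1"
+
+      # Upload SARIF file generated in previous step
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: semgrep.sarif
+        if: always()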
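Review bot: `branches: [ master, * ]` on the push trigger (line 10) is not valid YAML — inside a flow sequence a bare `*` is an alias indicator with no anchor name, so the workflow will most likely be rejected at parse time before any job runs. Quote the glob, e.g. `branches: [ master, '*' ]`, or if every branch was intended use `branches: ['**']`, since GitHub's filter syntax does not let `'*'` match a `/` in a branch name. The `upload-sarif` step writes to code scanning and needs `security-events: write`; where the repository's default `GITHUB_TOKEN` permissions are restricted, add a job-level `permissions: { contents: read, security-events: write }` so the upload does not fail silently under `if: always()`. Note also that `secrets.SEMGREP_APP_TOKEN` is not exposed to `pull_request` runs from forks, so `publishToken` will expand to an empty string there; how the action handles an empty token is not visible in this file.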