Merge pull request akto-api-security#365 from akto-api-security/featu…

…re/semgrep Create semgrep.yml
ryanmacarthur · Jun 22, 2023 · aaf0a24 · aaf0a24
2 parents 4616842 + 0974123
commit aaf0a24
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,40 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
+on:
+ # Scan changed files in PRs (diff-aware scanning):
+ pull_request: {}
+ # Scan on-demand through GitHub Actions interface:
+ workflow_dispatch: {}
+ # Scan mainline branches and report all findings:
+ push:
+ branches: ["master"]
+ # Schedule the CI job (this method uses cron syntax):
+ schedule:
+ - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
+ # It is recommended to change the schedule to a random time.
+
+jobs:
+ semgrep:
+ # User definable name of this GitHub Actions job.
+ name: semgrep/ci 
+ # If you are self-hosting, change the following `runs-on` value: 
+ runs-on: ubuntu-latest
+
+ container:
+ # A Docker image with Semgrep installed. Do not change this.
+ image: returntocorp/semgrep
+
+ # Skip any PR created by dependabot to avoid permission issues:
+ if: (github.actor != 'dependabot[bot]')
+
+ steps:
+ # Fetch project source with GitHub Actions Checkout.
+ - uses: actions/checkout@v3
+ # Run the "semgrep ci" command on the command line of the docker image.
+ - run: semgrep ci
+ env:
+ # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
+ # Generate a token from Semgrep Cloud Platform > Settings
+ # and add it to your GitHub secrets.
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}