Merge pull request #1773 from misfir3/test-semgrep-on-merge
Test semgrep on merge
This commit is contained in:
Jason White
GitHub
36
.github/workflows/semgrep.yml
vendored
Normal file
36
.github/workflows/semgrep.yml
vendored
Normal file
@@ -0,0 +1,36 @@
|
||||
# Name of this GitHub Actions workflow.
|
||||
name: Semgrep OSS scan
|
||||
|
||||
on:
|
||||
# Scan changed files in PRs (diff-aware scanning):
|
||||
pull_request: {}
|
||||
# Scan on-demand through GitHub Actions interface:
|
||||
workflow_dispatch: {}
|
||||
# Scan mainline branches and report all findings:
|
||||
push:
|
||||
branches: ["master", "main"]
|
||||
# Schedule the CI job (this method uses cron syntax):
|
||||
schedule:
|
||||
- cron: '25 19 * * *' # Sets Semgrep to scan every day at 19:25 UTC.
|
||||
# It is recommended to change the schedule to a random time.
|
||||
|
||||
jobs:
|
||||
semgrep:
|
||||
# User definable name of this GitHub Actions job.
|
||||
name: semgrep-oss/scan
|
||||
# If you are self-hosting, change the following `runs-on` value:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
container:
|
||||
# A Docker image with Semgrep installed. Do not change this.
|
||||
image: semgrep/semgrep
|
||||
|
||||
# Skip any PR created by dependabot to avoid permission issues:
|
||||
if: (github.actor != 'dependabot[bot]')
|
||||
|
||||
steps:
|
||||
# Fetch project source with GitHub Actions Checkout.
|
||||
- uses: actions/checkout@v3
|
||||
# Run the "semgrep scan" command on the command line of the docker image.
|
||||
- run: semgrep scan --config auto
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
# WebGoat: A deliberately insecure Web Application
|
||||
|
||||
Adding this line to test a merge for the semgrep Action running vanilla in Actions
|
||||
|
||||
[](https://github.com/WebGoat/WebGoat/actions/workflows/build.yml)
|
||||
[](https://jdk.java.net/)
|
||||
[](https://owasp.org/projects/)
|
||||
|
||||
Reference in New Issue
Block a user