Tanishq Dubey
997afcdd9e
Some checks failed
Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 15s
Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 14s
Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 24s
Release / build (push) Successful in 39s
Semgrep CE scan / semgrep-oss/scan (push) Failing after 21s
Release / publish_head (push) Successful in 39s
38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
# Name of this GitHub Actions workflow.
|
|
name: Semgrep CE scan
|
|
|
|
on:
|
|
# Scan changed files in PRs (diff-aware scanning):
|
|
pull_request: {}
|
|
# Scan on-demand through GitHub Actions interface:
|
|
workflow_dispatch: {}
|
|
# Scan mainline branches and report all findings:
|
|
push:
|
|
branches: ["master", "main"]
|
|
# Schedule the CI job (this method uses cron syntax):
|
|
schedule:
|
|
- cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
|
|
# It is recommended to change the schedule to a random time.
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
semgrep:
|
|
# User definable name of this GitHub Actions job.
|
|
name: semgrep-oss/scan
|
|
# If you are self-hosting, change the following `runs-on` value:
|
|
runs-on: ubuntu-latest
|
|
|
|
container:
|
|
# A Docker image with Semgrep installed. Do not change this.
|
|
image: semgrep/semgrep
|
|
|
|
# Skip any PR created by dependabot to avoid permission issues:
|
|
if: (github.actor != 'dependabot[bot]')
|
|
|
|
steps:
|
|
# Fetch project source with GitHub Actions Checkout. Use either v3 or v4.
|
|
- uses: actions/checkout@v4
|
|
# Run the "semgrep scan" command on the command line of the docker image.
|
|
- run: semgrep scan --config auto |