File tree Expand file tree Collapse file tree 1 file changed +47
-0
lines changed Expand file tree Collapse file tree 1 file changed +47
-0
lines changed Original file line number Diff line number Diff line change 1+ # Name of this GitHub Actions workflow.
2+ name : Semgrep
3+
4+ on :
5+ # Scan changed files in PRs (diff-aware scanning):
6+ pull_request : {}
7+ # Scan on-demand through GitHub Actions interface:
8+ workflow_dispatch : {}
9+ # Scan mainline branches if there are changes to .github/workflows/semgrep.yml:
10+ push :
11+ branches :
12+ - main
13+ - master
14+ paths :
15+ - .github/workflows/semgrep.yml
16+ # Schedule the CI job (this method uses cron syntax):
17+ schedule :
18+ - cron : ' 20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
19+ # It is recommended to change the schedule to a random time.
20+
21+ permissions :
22+ contents : read
23+
24+ jobs :
25+ semgrep :
26+ # User definable name of this GitHub Actions job.
27+ name : semgrep/ci
28+ # If you are self-hosting, change the following `runs-on` value:
29+ runs-on : ubuntu-latest
30+
31+ container :
32+ # A Docker image with Semgrep installed. Do not change this.
33+ image : semgrep/semgrep
34+
35+ # Skip any PR created by dependabot to avoid permission issues:
36+ if : (github.actor != 'dependabot[bot]')
37+
38+ steps :
39+ # Fetch project source with GitHub Actions Checkout. Use either v3 or v4.
40+ - uses : actions/checkout@v4
41+ # Run the "semgrep ci" command on the command line of the docker image.
42+ - run : semgrep ci
43+ env :
44+ # Connect to Semgrep AppSec Platform through your SEMGREP_APP_TOKEN.
45+ # Generate a token from Semgrep AppSec Platform > Settings
46+ # and add it to your GitHub secrets.
47+ SEMGREP_APP_TOKEN : ${{ secrets.SEMGREP_APP_TOKEN }}
You can’t perform that action at this time.
0 commit comments