
Commit d7e399c

committed
semgrep scanner
1 parent ab3ce05 commit d7e399c

3 files changed

Lines changed: 33 additions & 21 deletions


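--- a/.github/workflows/build-on-pull-request.yml
+++ b/.github/workflows/build-on-pull-request.yml
@@ -3,27 +3,6 @@ on:
 pull_request:
 branches: [master]
 jobs:
-# sast-scan:
-# runs-on: ubuntu-latest
-# # Skip any PR created by dependabot to avoid permission issues:
-# if: (github.actor != 'dependabot[bot]')
-# steps:
-# - uses: actions/checkout@v5
-# - uses: actions/setup-node@v4
-# with:
-# node-version: "22"
-# - run: npm install -g snyk
-# - run: snyk config set api=${{ secrets.SNYK_API_KEY }}
-# - run: snyk code test src/main
-malware-scan:
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@v5
-- name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
-uses: dell/common-github-actions/malware-scanner@main
-with:
-directories: .
-options: -ri
 build-and-test:
 runs-on: ubuntu-latest
 steps: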

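--- a/.github/workflows/scan-malware.yml
+++ b/.github/workflows/scan-malware.yml
@@ -0,0 +1,14 @@
+name: scan-malware
+on:
+pull_request:
+branches: [master]
+jobs:
+scan-malware:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v5
+- name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
+uses: dell/common-github-actions/malware-scanner@main
+with:
+directories: .
+options: -ri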
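Review bot: The `uses: dell/common-github-actions/malware-scanner@main` step follows a mutable branch, so whatever lands on that branch runs in this repository's pull-request jobs without review; pin it to a full commit SHA, e.g. `uses: dell/common-github-actions/malware-scanner@<full-commit-sha>  # main`. The new workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would make least privilege explicit. The job is carried over unchanged from build-on-pull-request.yml, so moving it into its own file is a natural point to fix both.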

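--- a/.github/workflows/scan-semgrep.yml
+++ b/.github/workflows/scan-semgrep.yml
@@ -0,0 +1,19 @@
+name: scan-semgrep
+on:
+pull_request: {}
+workflow_dispatch: {}
+merge_group:
+types: [checks_requested]
+jobs:
+scan-semgrep:
+name: semgrep/ci
+runs-on: ubuntu-latest
+container:
+image: semgrep/semgrep
+# Skip any PR created by dependabot and any check triggered by merge group
+if: (github.actor != 'dependabot[bot]') && (github.event != 'merge_group')
+steps:
+- uses: actions/checkout@v4
+- run: semgrep ci
+env:
+SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}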
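Review bot: The `if:` on the scan-semgrep job compares `github.event`, which is the event payload object, with the string 'merge_group', so the merge-queue skip described in the comment above it most likely never takes effect. The context that holds the trigger name is `github.event_name`: `if: (github.actor != 'dependabot[bot]') && (github.event_name != 'merge_group')`. Separately, `image: semgrep/semgrep` carries no tag or digest, so each run pulls whatever is currently published while `SEMGREP_APP_TOKEN` is in the job environment; pinning by digest (`semgrep/semgrep@sha256:<digest>`) keeps the scanner reproducible and reviewable. `actions/checkout@v4` here also differs from the `@v5` used in scan-malware.yml.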
