Skip to content

chore: bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 #111

chore: bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3

chore: bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 #111

Workflow file for this run

name: Semgrep
on:
# Scan changed files in PRs, block on new issues only (existing issues ignored)
pull_request: {}
jobs:
semgrep:
name: Scan
runs-on: ubuntu-latest
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
container:
image: semgrep/semgrep:1.168.0@sha256:59fbed6127ea7c5dde3ba6a85142733bb20ea9aaa36120c953904f1539aaf66e
steps:
# Fetch project source
- uses: actions/checkout@v7
- name: Run Semgrep
run: |
semgrep scan \
--sarif \
--output=semgrep.sarif \
--config="p/security-audit" \
--config="p/secrets" \
--config="p/ci" \
--config="p/default" \
--config="p/docker" \
--config="p/dockerfile" \
--config="p/command-injection"
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
- name: Upload SARIF file for GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with:
sarif_file: semgrep.sarif