Skip to content

Add boilerplate code #25

Add boilerplate code

Add boilerplate code #25

Workflow file for this run

name: Semgrep scan
on:
workflow_dispatch:
pull_request:
env:
configs: "rules/ p/ci p/security-audit p/owasp-top-ten"
permissions:
contents: read
pull-requests: write
jobs:
semgrep:
name: Run Semgrep
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep:1.86
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch the entire history
- name: Mark the Git repository as safe
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Fetch all branches and tags
run: |
git fetch --all
git fetch --tags
- name: run semgrep
id: run_semgrep
env:
SEMGREP_RULES: ${{ env.configs }}
SEMGREP_ENABLE_VERSION_CHECK: 0
SEMGREP_SEND_METRICS: off
shell: bash
run: |
semgrep scan . --error --gitlab-sast -o /tmp/semgrep.json
- name: Show Semgrep report
if: success() || failure()
run: cat /tmp/semgrep.json