From c897b995cd5a75ac20e5ffd89beef076553a571b Mon Sep 17 00:00:00 2001
From: Rostom Zouaghi
Date: Wed, 27 Mar 2024 20:43:24 +0000
Subject: [PATCH] Onboard Semgrep - add semgrep.yaml workflow
---
.github/workflows/semgrep.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/semgrep.yaml
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
new file mode 100644
index 0000000..0faf620
--- /dev/null
+++ b/.github/workflows/semgrep.yaml
@@ -0,0 +1,17 @@
+name: Semgrep
+on:
+ workflow_dispatch: {}
+ pull_request: {}
+ push:
+ branches:
+ - master
+ paths:
+ - .github/workflows/semgrep.yaml
+ schedule:
+ # random HH:MM to avoid a load spike on GitHub Actions at 00:00
+ - cron: 3 10 * * *
+
+jobs:
+ security-scan:
+ uses: permutive/github-workflows/.github/workflows/semgrep.yaml@master
+ secrets: inherit
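Review bot: The `uses:` line in the `security-scan` job calls the reusable workflow at the mutable ref `@master` and pairs it with `secrets: inherit`, so every secret this repository can see is handed to whatever that branch contains at run time, on each of the `pull_request`, `push`, `schedule` and manual triggers. Pin the call to a reviewed commit, `uses: permutive/github-workflows/.github/workflows/semgrep.yaml@<full-commit-sha>`, and pass only what the scan needs, e.g. `secrets: { <SEMGREP_TOKEN_SECRET>: ${{ secrets.<SEMGREP_TOKEN_SECRET> }} }` (placeholder name; the called workflow is not visible here). The job also sets no `permissions:`, so the GITHUB_TOKEN falls back to the repository default; a job-level `permissions:` with `contents: read` would cap what the called workflow receives, assuming it needs nothing more (for instance to upload results).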