Semgrep #1496

Summary
Jobs
- semgrep/ci
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/semgrep.yml at 372f503

	# Name of this GitHub Actions workflow.
	name: Semgrep

	on:
	push:
	branches: ['development', feature/, hotfix/, main, release/*]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: ['development', feature/, hotfix/, release/*]
	# Schedule the CI job (this method uses cron syntax):
	schedule:
	- cron: '30 3 * * 2'
	# It is recommended to change the schedule to a random time.

	jobs:
	semgrep:
	# User definable name of this GitHub Actions job.
	name: semgrep/ci
	# If you are self-hosting, change the following `runs-on` value:
	runs-on: ubuntu-latest

	container:
	# A Docker image with Semgrep installed. Do not change this.
	image: returntocorp/semgrep

	# Skip any PR created by dependabot to avoid permission issues:
	if: (github.actor != 'dependabot[bot]')

	steps:
	# Fetch project source with GitHub Actions Checkout.
	- uses: actions/checkout@v3
	# Run the "semgrep ci" command on the command line of the docker image.
	- run: semgrep --sarif --metrics=off --exclude=*.test.js
	env:
	# Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
	# Generate a token from Semgrep Cloud Platform > Settings
	# and add it to your GitHub secrets.
	# SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
	SEMGREP_RULES: 'p/javascript p/r2c p/r2c-security-audit p/r2c-best-practices p/nodejs p/nodejsscan ./.github/semgrep/rule.yaml'

	# this should be re-instated when the --output option command works with the semgrep exec command
	# - name: Upload SARIF file for GitHub Advanced Security Dashboard
	# uses: github/codeql-action/upload-sarif@v2
	# with:
	# sarif_file: semgrep.sarif
	# if: always()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Semgrep #1496

Workflow file

Semgrep #1496

Jobs

Run details

Workflow file for this run