Skip to content

Commit

Permalink
Move to recommended semgrep github workflow action
Browse files Browse the repository at this point in the history
  • Loading branch information
dmhdeveloper committed Nov 15, 2023
1 parent 551f26e commit 76a3d10
Showing 1 changed file with 6 additions and 10 deletions.
16 changes: 6 additions & 10 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,19 +24,15 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
options: --user 1001
steps:
# Checkout project source
- uses: actions/checkout@v3

# Scan code using project's configuration on https://semgrep.dev/manage
- uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735
with:
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
generateSarif: "1"

# Upload SARIF file generated in previous step
- name: Upload SARIF file
# Run the "semgrep ci" command on the command line of the docker image.
- run: semgrep scan --config=auto --sarif > semgrep.sarif
- name: Upload SARIF file for GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: semgrep.sarif
Expand Down

0 comments on commit 76a3d10

Please sign in to comment.