Skip to content

Commit

Permalink
Fix Semgrep pull request event (#2728)
Browse files Browse the repository at this point in the history 
Instead of `pull_request` event, I have moved the semgrep SAST scan to
`pull_request_target` similar to `pr-auditor` which consumes extra
secret to clone and scan using private semgrep rules.

P.S: this Semgrep Scan should
[trigger](https://stackoverflow.com/a/77069245) after merged to main

## Test plan

CI 🟢  and external contributors should be able to execute semgrep scan
<!-- Required. See
https://sourcegraph.com/docs/dev/background-information/testing_principles.
-->
  • Loading branch information
@shivasurya
shivasurya authored Jan 14, 2024
1 parent cef08ec commit 8ccfe46
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .github/workflows/semgrep.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
name: Semgrep - SAST Scan

on: [pull_request]
on:
pull_request_target:
types: [ closed, edited, opened, synchronize, ready_for_review ]

jobs:
semgrep:
Expand Down

0 comments on commit 8ccfe46

Please sign in to comment.