Skip to content

Semgrep Security Scan #4478

Semgrep Security Scan

Semgrep Security Scan #4478

Workflow file for this run

name: Semgrep Security Scan
on:
pull_request:
branches: [ main ]
merge_group: # run if triggered as part of a merge queue
push:
branches: [ main ]
schedule:
- cron: '0 1 * * *'
jobs:
semgrep:
name: Scan
runs-on: ubuntu-latest
permissions:
contents: read
checks: write
container:
# A Docker image with Semgrep installed. Do not change this.
image: returntocorp/semgrep@sha256:aebb747812ebd96b674928c63046730432ad06961a56f5b44fa01a29b3a9487a #v1.23.0
# Skip any PR created by dependabot to avoid permission issues:
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source with GitHub Actions Checkout.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
# Run the "semgrep ci" command on the command line of the docker image.
- run: semgrep ci
env:
# Add the rules that Semgrep uses by setting the SEMGREP_RULES environment variable - more at semgrep.dev/explore.
SEMGREP_RULES: p/default p/golang p/github-actions p/docker