laconicd/.github/workflows/semgrep.yml

name: Semgrep
on:
  # Scan changed files in PRs, block on new issues only (existing issues ignored)
  pull_request: {}
  push:
    branches:
      - main
    paths:
      - .github/workflows/semgrep.yml
  schedule:
    - cron: '0 0 * * 0'
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    if: (github.actor != 'dependabot[bot]')
    steps:
      - uses: actions/checkout@v3
      - name: Get Diff
        uses: technote-space/get-diff-action@v6.0.1
        with:
          PATTERNS: |
            **/*.go
            **/*.js
            **/*.ts
            **/*.sol
            go.mod
            go.sum
      - uses: returntocorp/semgrep-action@v1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
           # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
          # See also the next step.
          generateSarif: "1"
        if: "env.GIT_DIFF_FILTERED != ''"
      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
      - name: Upload SARIF file for GitHub Advanced Security Dashboard
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: semgrep.sarif
        if: "env.GIT_DIFF_FILTERED != ''"
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`name: Semgrep`
			`on:`
			`# Scan changed files in PRs, block on new issues only (existing issues ignored)`
			`pull_request: {}`
			`push:`
			`branches:`
			`- main`
			`paths:`
			`- .github/workflows/semgrep.yml`
			`schedule:`
			`- cron: '0 0 * * 0'`
			`jobs:`
			`semgrep:`
			`name: Scan`
			`runs-on: ubuntu-latest`
			`if: (github.actor != 'dependabot[bot]')`
			`steps:`
build(deps): bump actions/checkout from 2.4.0 to 3 (#965) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-03 17:07:19 +00:00			`- uses: actions/checkout@v3`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`- name: Get Diff`
			`uses: technote-space/get-diff-action@v6.0.1`
			`with:`
			`PATTERNS: \|`
			`*/.go`
			`*/.js`
			`*/.ts`
			`*/.sol`
			`go.mod`
			`go.sum`
			`- uses: returntocorp/semgrep-action@v1`
			`with:`
			`publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}`
			`# Upload findings to GitHub Advanced Security Dashboard [step 1/2]`
			`# See also the next step.`
			`generateSarif: "1"`
			`if: "env.GIT_DIFF_FILTERED != ''"`
			`# Upload findings to GitHub Advanced Security Dashboard [step 2/2]`
			`- name: Upload SARIF file for GitHub Advanced Security Dashboard`
			`uses: github/codeql-action/upload-sarif@v1`
			`with:`
			`sarif_file: semgrep.sarif`
			`if: "env.GIT_DIFF_FILTERED != ''"`