laconicd-deprecated/.github/workflows/semgrep.yml

name: Semgrep
on:
  # Scan changed files in PRs, block on new issues only (existing issues ignored)
  pull_request: {}
  push:
    branches:
      - main
    paths:
      - .github/workflows/semgrep.yml
  schedule:
    - cron: '0 0 * * 0'
jobs:
  # Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    container:
      image: returntocorp/semgrep
    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Permission issue fix
        run: git config --global --add safe.directory /__w/ethermint/ethermint
      - uses: actions/checkout@v3
      - name: Get Diff
        uses: technote-space/get-diff-action@v6.1.0
        with:
          PATTERNS: |
            **/*.go
            **/*.js
            **/*.ts
            **/*.sol
            go.mod
            go.sum
      - uses: actions/checkout@v3
      - run: semgrep scan --sarif --output=semgrep.sarif
        env:
          # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
        if: "env.GIT_DIFF_FILTERED != ''"
      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: semgrep.sarif
        if: "env.GIT_DIFF_FILTERED != ''"
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`name: Semgrep`
			`on:`
			`# Scan changed files in PRs, block on new issues only (existing issues ignored)`
			`pull_request: {}`
			`push:`
			`branches:`
			`- main`
			`paths:`
			`- .github/workflows/semgrep.yml`
			`schedule:`
			`- cron: '0 0 * * 0'`
			`jobs:`
fix(ci): buf makefile dependency, update semgrep workflow (#1144) 2022-06-22 08:28:23 +00:00			`# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`semgrep:`
			`name: Scan`
			`runs-on: ubuntu-latest`
fix(ci): buf makefile dependency, update semgrep workflow (#1144) 2022-06-22 08:28:23 +00:00			`container:`
			`image: returntocorp/semgrep`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`if: (github.actor != 'dependabot[bot]')`
			`steps:`
fix(ci): fix semgrep issue (#1157) 2022-06-27 17:50:24 +00:00			`- name: Permission issue fix`
			`run: git config --global --add safe.directory /__w/ethermint/ethermint`
build(deps): bump actions/checkout from 2.4.0 to 3 (#965) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-03-03 17:07:19 +00:00			`- uses: actions/checkout@v3`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`- name: Get Diff`
build(deps): bump technote-space/get-diff-action from 6.0.1 to 6.1.0 (#1139) Bumps [technote-space/get-diff-action](https://github.com/technote-space/get-diff-action) from 6.0.1 to 6.1.0. - [Release notes](https://github.com/technote-space/get-diff-action/releases) - [Changelog](https://github.com/technote-space/get-diff-action/blob/main/.releasegarc) - [Commits](https://github.com/technote-space/get-diff-action/compare/v6.0.1...v6.1.0) --- updated-dependencies: - dependency-name: technote-space/get-diff-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-06-21 10:53:00 +00:00			`uses: technote-space/get-diff-action@v6.1.0`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`with:`
			`PATTERNS: \|`
			`*/.go`
			`*/.js`
			`*/.ts`
			`*/.sol`
			`go.mod`
			`go.sum`
fix(ci): buf makefile dependency, update semgrep workflow (#1144) 2022-06-22 08:28:23 +00:00			`- uses: actions/checkout@v3`
			`- run: semgrep scan --sarif --output=semgrep.sarif`
			`env:`
			`# Upload findings to GitHub Advanced Security Dashboard [step 1/2]`
			`SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`if: "env.GIT_DIFF_FILTERED != ''"`
			`# Upload findings to GitHub Advanced Security Dashboard [step 2/2]`
ci: cleanup (#1048) 2022-04-12 13:51:20 +00:00			`- name: Upload SARIF file`
build(deps): bump github/codeql-action from 1 to 2 (#1064) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-04-26 11:03:36 +00:00			`uses: github/codeql-action/upload-sarif@v2`
ci: semgrep config (#917) * ci: enable semgrep config * fix config * ignore grpc web 2022-01-24 14:35:02 +00:00			`with:`
			`sarif_file: semgrep.sarif`
			`if: "env.GIT_DIFF_FILTERED != ''"`