Skip to content

Semgrep

Semgrep #443

Workflow file for this run

# Name of this GitHub Actions workflow.
name: Semgrep
on:
# Scan changed files in PRs (diff-aware scanning):
pull_request:
# Scan on-demand through GitHub Actions interface:
workflow_dispatch:
# Scan mainline branches and report all findings:
push:
branches:
- main
# Schedule the CI job:
schedule:
- cron: '40 6 * * *'
jobs:
semgrep:
name: semgrep/ci
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
- name: Checkout commit
uses: actions/checkout@v4
- run: semgrep ci
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}