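--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -2,49 +2,13 @@ name: Semgrep scan
 
 on :
 pull_request :
-branches : ["main", "master" ]
+branches : ["main"]
 workflow_dispatch : {}
 schedule :
 cron : " 52 2 * * 6"
 
 jobs :
-semgrep :
-runs-on : ubuntu-latest
+call-workflow-semgrep :
 permissions :
 security-events : write
-
-container :
-image : returntocorp/semgrep
-
-steps :
-- name : Checkout all commits and tags
-uses : actions/checkout@v4
-if : ${{ github.event_name == 'pull_request' }}
-with :
-fetch-depth : 0
-
-- name : Checkout single commit
-uses : actions/checkout@v4
-if : ${{ github.event_name != 'pull_request' }}
-
-- name : Pull request scan
-if : ${{ github.event_name == 'pull_request' }}
-run : semgrep scan --config=auto --verbose --time --error --baseline-commit ${{ github.event.pull_request.base.sha }}
-
-- name : Full scan
-if : ${{ github.event_name != 'pull_request' }}
-run : semgrep scan --config=auto --verbose --time --sarif --output report.sarif
-
-- name : Save report as pipeline artifact
-if : ${{ github.event_name != 'pull_request' }}
-uses : actions/upload-artifact@v4
-with :
-name : report.sarif
-path : report.sarif
-
-- name : Publish code scanning alerts
-if : ${{ github.event_name != 'pull_request' }}
-uses : github/codeql-action/upload-sarif@v3
-with :
-sarif_file : report.sarif
-category : semgrep
+uses : gsoft-inc/wl-reusable-workflows/.github/workflows/reusable-semgrep-workflow.yml@main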
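Review bot: The reusable workflow on the added `uses:` line is referenced by the mutable branch ref `@main`, so anyone who can push to that branch of gsoft-inc/wl-reusable-workflows controls the code that runs here with `security-events: write` and can alter or suppress the alerts this job publishes. Pin the call to a full-length commit SHA and record the tracked version in a trailing comment, e.g. `uses: gsoft-inc/wl-reusable-workflows/.github/workflows/reusable-semgrep-workflow.yml@<FULL-COMMIT-SHA> # <tracked tag or version>`, and let Dependabot or Renovate bump it. Declaring `permissions:` at job level sets every unlisted scope to none, so if the called workflow still checks out the repository as the removed steps did, this block presumably also needs `contents: read` — confirm against the reusable workflow. Since the checkout, baseline-commit scan and SARIF upload are no longer visible in this file, a short comment above `call-workflow-semgrep:` stating which events the reusable workflow covers would help the next reader confirm nothing was lost in the move.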