From 54a20aea6aa02ed6cbbcd174c33da065a3171c5b Mon Sep 17 00:00:00 2001 From: foram-splunk Date: Thu, 21 Jul 2022 15:13:06 +0530 Subject: [PATCH 1/2] Add semgrep --- .github/workflows/ci_build_test.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml index f2490c6c..1bd509c9 100644 --- a/.github/workflows/ci_build_test.yaml +++ b/.github/workflows/ci_build_test.yaml @@ -10,6 +10,10 @@ on: FOSSA_API_KEY: description: API token for FOSSA app required: true + + SEMGREP_PUBLISH_TOKEN: + description: Publish token for Semgrep + required: true jobs: fossa-scan: @@ -35,11 +39,24 @@ jobs: env: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} + semgrep: + runs-on: ubuntu-latest + name: security-sast-semgrep + if: github.actor != 'dependabot[bot]' + steps: + - uses: actions/checkout@v3 + - name: Semgrep + id: semgrep + uses: returntocorp/semgrep-action@v1 + with: + publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} + build-unit-test: name: build and run unit test runs-on: ubuntu-20.04 needs: - fossa-scan + - semgrep steps: - name: Checkout uses: actions/checkout@v2 From 3c63f70dee269d060e5ea9be91c92c4db0f91bf9 Mon Sep 17 00:00:00 2001 From: foram-splunk Date: Fri, 22 Jul 2022 11:34:24 +0530 Subject: [PATCH 2/2] Add semgrep --- .github/workflows/ci_build_test.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml index 1bd509c9..6a91c920 100644 --- a/.github/workflows/ci_build_test.yaml +++ b/.github/workflows/ci_build_test.yaml @@ -54,9 +54,6 @@ jobs: build-unit-test: name: build and run unit test runs-on: ubuntu-20.04 - needs: - - fossa-scan - - semgrep steps: - name: Checkout uses: actions/checkout@v2
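Review bot: The new `semgrep` job hands `secrets.SEMGREP_PUBLISH_TOKEN` to `returntocorp/semgrep-action@v1`, a third-party action referenced by a mutable tag, so a retargeted or compromised tag would run with that token. Pin it, and `actions/checkout@v3` in the same job, to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: returntocorp/semgrep-action@<full-commit-sha>  # v1`. The job also declares no `permissions:`, so it inherits whatever `GITHUB_TOKEN` default applies. The top of the workflow is outside the hunk, but if nothing is set there, a job-level `permissions:` with `contents: read` looks sufficient for a checkout plus scan. The `if: github.actor != 'dependabot[bot]'` guard would benefit from a one-line comment stating why the scan is skipped, presumably because Dependabot-triggered runs do not receive the publish token.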