20 lines
435 B
YAML
20 lines
435 B
YAML
# Name of this GitHub Actions workflow.
|
|
name: Semgrep
|
|
|
|
on:
|
|
pull_request: {}
|
|
|
|
jobs:
|
|
semgrep:
|
|
name: Scan
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: returntocorp/semgrep
|
|
# Skip any PR created by dependabot to avoid permission issues
|
|
if: (github.actor != 'dependabot[bot]')
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- run: semgrep ci
|
|
env:
|
|
SEMGREP_RULES: p/default p/golang p/secrets
|