Skip to content

Security Semgrep

Security Semgrep #953

---
name: Security Semgrep
on:
pull_request:
branches:
- main
schedule:
- cron: 0 3 * * *
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
semgrep:
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Semgrep
run: semgrep ci
env:
# Select rules for your scan with one of these two options.
# Option 1: set hard-coded rulesets
SEMGREP_RULES: >- # more at semgrep.dev/r
p/secrets
p/security-audit
p/ci
p/github-actions
SEMGREP_AUDIT_ON: push