Skip to content

Semgrep

Semgrep #863

Workflow file for this run

name: Semgrep
on:
merge_group:
pull_request_target:
types:
- opened
- synchronize
push:
branches:
- master
schedule:
- cron: '30 0 1,15 * *'
permissions:
contents: read
jobs:
authorize:
name: Authorize
environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true
run:
if: (github.actor != 'dependabot[bot]')
needs: authorize # Require approval before running on forked pull requests
name: Run
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- run: semgrep ci
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}