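# This workflow file requires a free account on Semgrep.dev to
# manage rules, file ignores, notifications, and more.
#
# See https://semgrep.dev/docs

name: Semgrep

on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    # Weekly scan: 13:39 UTC every Monday, so new rules also reach unchanged code
    - cron: '39 13 * * 1'

# Least privilege: GITHUB_TOKEN is read-only by default for this workflow;
# the job below adds only the scopes its steps need.
permissions:
  contents: read

jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read          # actions/checkout fetches the source
      security-events: write  # upload-sarif publishes results to code scanning
      actions: read           # needed by upload-sarif in private repositories
    steps:
      # Checkout project source
      # NOTE(review): every `uses:` ref in this job is a version tag, which the
      # action's owner can move; pin each to a reviewed full commit SHA.
      - uses: actions/checkout@v2

      # Scan code using project's configuration on https://semgrep.dev/manage
      # NOTE(review): repository secrets are not passed to runs triggered by
      # pull requests from forks, so both values below are empty there;
      # confirm the scan behaves as intended in that case.
      - uses: returntocorp/semgrep-action@v1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
          generateSarif: "1"

      # Upload SARIF file generated in previous step
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: semgrep.sarif
        # Run even when the scan step fails, so findings still reach code
        # scanning. The upload itself fails if semgrep.sarif was never written.
        if: always()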