
Commit e13142e

committed
Adds a workflow based on the action
1 parent e97d96a commit e13142e


2 files changed

+20
-9
lines changed


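--- /dev/null
+++ b/.github/workflows/semgrep.yaml
@@ -0,0 +1,16 @@
+name: Semgrep x semgrep-rules-manager
+on:
+  pull_request: {}
+  workflow_dispatch: {}
+  push:
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  semgrep:
+    runs-on: ubuntu-latest
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run Semgrep
+        uses: ./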
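Review bot: The `semgrep` job declares no `permissions:` block, yet the local action it runs (`uses: ./`) finishes with `github/codeql-action/upload-sarif@v2`, which needs `security-events: write` on the GITHUB_TOKEN; on a repository whose default token is read-only the upload step will fail, and on `pull_request` runs from forks the token is read-only regardless. I would add, at job or workflow level, `permissions:` / `  contents: read` / `  security-events: write` so the grant is explicit and minimal instead of inherited from repository settings. For supply-chain hygiene `actions/checkout@v3` is better pinned to a full commit SHA than to a mutable tag. Note that the `schedule` trigger re-runs the whole pipeline nightly on `main`, so anything the action resolves at run time is re-fetched and re-trusted every night.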

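--- a/action.yaml
+++ b/action.yaml
@@ -4,20 +4,15 @@ author: George-Andrei Iosif
 branding:
   icon: search
   color: green
-inputs:
-  severity:
-    description: The minimum severity (INFO, WARNING, or ERROR) of an alert to be reported
-    required: false
-    default: INFO
 runs:
   using: 'composite'
   steps:
     - name: Download additional rules from third-party rules
       shell: bash
       run: |
         pip install semgrep-rules-manager
-        mkdir /home/semgrep/rules
-        semgrep-rules-manager --dir /home/semgrep/rules download
+        mkdir /tmp/rules
+        semgrep-rules-manager --dir /tmp/rules download
     - name: Install Semgrep
       id: semgrep-install
       shell: bash
@@ -28,9 +23,9 @@ runs:
     - name: Run Semgrep with the additional rules
       shell: bash
       run: |
-        semgrep ci --severity ${{ inputs.severity }} --sarif --output=semgrep.sarif
+        semgrep ci --sarif --output=semgrep.sarif
       env:
-        SEMGREP_RULES: "/home/semgrep/rules"
+        SEMGREP_RULES: "/tmp/rules"
     - name: Upload SARIF file for GitHub Advanced Security Dashboard
       uses: github/codeql-action/upload-sarif@v2
       with: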
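Review bot: `pip install semgrep-rules-manager` in the first step resolves whatever version PyPI serves at run time, so every run (including the nightly schedule of the new workflow) re-trusts the latest release of the package that then decides which rules Semgrep is fed; pin it to an exact version, e.g. `pip install "semgrep-rules-manager==<known version>"`, ideally with `--require-hashes`, and bump it deliberately. The rule set pulled by `semgrep-rules-manager --dir /tmp/rules download` is likewise unpinned third-party content — pattern data rather than executable code, but a tampered source could silently drop findings — so the action's documentation should at least state which sources are fetched and that they are fetched fresh on each run. `mkdir /tmp/rules` without `-p` fails if the directory already exists, which can happen on a reused self-hosted runner; `mkdir -p /tmp/rules` is the safe form. Dropping the `severity` input changes the action's public interface — consumers still passing `with: severity:` get an unexpected-input warning and lose the filter they relied on — so this deserves a line in the README or changelog. The `runs.steps` list continues past both hunks.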
