1
+ name : Semgrep x semgrep-rules-manager
2
+ on :
3
+ pull_request : {}
4
+ workflow_dispatch : {}
5
+ push :
6
+ branches : ["main"]
7
+ schedule :
8
+ - cron : " 0 0 * * *"
9
+ jobs :
10
+ semgrep :
11
+ runs-on : ubuntu-latest
12
+ if : (github.actor != 'dependabot[bot]')
13
+ steps :
14
+ - uses : actions/checkout@v3
15
+ - name : Run Semgrep
16
+ uses : ./
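Review bot: The new workflow declares no `permissions:` block, so the `semgrep` job runs with whatever default `GITHUB_TOKEN` scope the repository is configured with, while the local action it calls via `uses: ./` contains a SARIF upload step that needs `security-events: write`. Declaring it at job level keeps the token least-privilege and makes the requirement explicit: `permissions:` with `contents: read` and `security-events: write`. On `pull_request` runs from forks the token is read-only regardless, so the upload step will likely fail there and may need an `if:` guard. `actions/checkout@v3` is also referenced by a mutable tag; pinning it to a full commit SHA would keep a retagged release from changing what runs in this job.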
Original file line number Diff line number Diff line change @@ -4,20 +4,15 @@ author: George-Andrei Iosif
4
4
branding :
5
5
icon : search
6
6
color : green
7
- inputs :
8
- severity :
9
- description : The minimum severity (INFO, WARNING, or ERROR) of an alert to be reported
10
- required : false
11
- default : INFO
12
7
runs :
13
8
using : ' composite'
14
9
steps :
15
10
- name : Download additional rules from third-party rules
16
11
shell : bash
17
12
run : |
18
13
pip install semgrep-rules-manager
19
- mkdir /home/semgrep /rules
20
- semgrep-rules-manager --dir /home/semgrep /rules download
14
+ mkdir /tmp /rules
15
+ semgrep-rules-manager --dir /tmp /rules download
21
16
- name : Install Semgrep
22
17
id : semgrep-install
23
18
shell : bash
28
23
- name : Run Semgrep with the additional rules
29
24
shell : bash
30
25
run : |
31
- semgrep ci --severity ${{ inputs.severity }} -- sarif --output=semgrep.sarif
26
+ semgrep ci --sarif --output=semgrep.sarif
32
27
env :
33
- SEMGREP_RULES : " /home/semgrep /rules"
28
+ SEMGREP_RULES : " /tmp /rules"
34
29
- name : Upload SARIF file for GitHub Advanced Security Dashboard
35
30
uses : github/codeql-action/upload-sarif@v2
36
31
with :
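Review bot: The rules directory now sits at a fixed path under `/tmp`, which is world-writable and predictable, so on a self-hosted or otherwise shared runner another process could pre-create it or leave rule files there that `SEMGREP_RULES` then loads. The `mkdir` without `-p` will also fail the step if the directory survives from an earlier run. A per-job directory avoids both, for example `mkdir -p "${{ runner.temp }}/rules"`, with `--dir` and `SEMGREP_RULES` pointing at that same `${{ runner.temp }}/rules`. Separately, the unchanged `pip install semgrep-rules-manager` line is unpinned, so the tool that fetches the third-party rules can change between runs; pinning it to a reviewed version would make scans reproducible. The `with:` block of the upload step continues outside the visible section.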