From 22f64839e0b9233256c4f3a5376440be2e4cb138 Mon Sep 17 00:00:00 2001 From: ikolomi Date: Sun, 25 Feb 2024 16:37:18 +0200 Subject: [PATCH] Enable semgrep using auto config as recommended by the semgrep support. This should enable semgrep to run w/o Semgrep Cloud Accout --- .github/workflows/semgrep.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 4cf8f5111e..6e4235abdb 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -2,15 +2,15 @@ name: Semgrep on: # Scan changed files in PRs (diff-aware scanning): -# pull_request: {} + pull_request: {} # Scan on-demand through GitHub Actions interface: workflow_dispatch: inputs: branch: description: 'The branch to run against the semgrep tool' required: true -# push: -# branches: ["master", "main"] + push: + branches: ["main"] # Schedule the CI job (this method uses cron syntax): schedule: - cron: '0 8 * * *' # Sets Semgrep to scan every day at 08:00 UTC. @@ -33,9 +33,4 @@ jobs: # Fetch project source with GitHub Actions Checkout. - uses: actions/checkout@v3 # Run the "semgrep ci" command on the command line of the docker image. - - run: semgrep ci --no-suppress-errors - env: - # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN. - # Generate a token from Semgrep Cloud Platform > Settings - # and add it to your GitHub secrets. - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} + - run: semgrep ci --config auto --no-suppress-errors
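Review bot: With `pull_request: {}` and `push` enabled, this job now runs on every pull request and every push to `main`, and nothing visible in the hunk restricts what the job's `GITHUB_TOKEN` may do. The rest of the workflow is outside the hunk, so this may already be handled; if it is not, add a top-level `permissions:` block containing `contents: read`, because a scan job needs nothing more than read access. Also note that `branches: ["main"]` drops the `"master"` entry the commented-out version had, so confirm the default branch is `main`, otherwise the push trigger never fires.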
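Review bot: `--config auto` in the new `run:` step makes the scan depend on whatever rules the Semgrep Registry serves at run time, so the ruleset is not pinned and a run can start or stop failing without any change in this repository. The auto configuration also reports the project URL to the registry to select rules and, as far as I know, cannot be combined with disabled metrics. That deserves a comment above the step, for example `# --config auto pulls rules from the Semgrep Registry at run time and sends the repo URL to it`. If reproducible results matter more than automatic rule selection, name the rulesets explicitly, e.g. `- run: semgrep ci --config p/default --no-suppress-errors`. The job definition starts outside the hunk, so the container image and any existing `env:` were not reviewed.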