Skip to content
.github/workflows/Semgrep.yml

Attempt at semgrep ci #1

Sign in to view logs

Attempt at semgrep ci

Attempt at semgrep ci #1

Workflow file for this run

.github/workflows/Semgrep.yml at 558a47b
# Based on:
# https://semgrep.dev/docs/semgrep-ci/sample-ci-configs#github-actions
# https://0xdbe.github.io/GitHub-HowToEnableCodeScanningWithSemgrep/
# https://medium.com/@mostafa.elnakeb/supercharging-your-code-quality-with-semgrep-sast-in-github-actions-c8f30eb26655
# Name of this GitHub Actions workflow.
name: Semgrep OSS scan
on:
# Scan on-demand through GitHub Actions interface:
workflow_dispatch:
branches:
- main
# Schedule the CI job (this method uses cron syntax):
schedule:
- cron: '0 0 * * 1' # Run at start of week
jobs:
semgrep:
# User definable name of this GitHub Actions job.
name: semgrep-oss/scan
# If you are self-hosting, change the following `runs-on` value:
runs-on: ubuntu-latest
# Skip any PR created by dependabot to avoid permission issues:
if: (github.actor != 'dependabot[bot]')
steps:
# Checkout the repository.
- name: Clone source code
uses: actions/checkout@v4
# Checkout custom rules
- name: Checkout custom rules
uses: actions/checkout@v4
with:

Check failure on line 36 in .github/workflows/Semgrep.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/Semgrep.yml

Invalid workflow file 

You have an error in your yaml syntax on line 36
repository: JuliaComputing/semgrep-rules-julia
ref: main
path: ./JuliaRules
# Prepare Python
- uses: actions/setup-python@v5
with:
python-version: '3.10'
# Install Semgrep
- name: Install Semgrep
run: python3 -m pip install semgrep
- name: Scan with Semgrep
run: |
semgrep scan \
--config ./JuliaRules/rules \
--metrics = off \
--sarif --output report.sarif
--oss-only
--exclude=JuliaRules
- name: Save Semgrep report
use: actions/upload-artifact@v4
with:
name: report.sarif
path: report.sarif
- name: Upload Semgrep report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report.sarif
category: semgrep