Skip to content

Add Support for Control Your Own Key (CYOK) and Bring Your Own Key (BYOK) Features with New EncryptionKeyManager #689

Add Support for Control Your Own Key (CYOK) and Bring Your Own Key (BYOK) Features with New EncryptionKeyManager

Add Support for Control Your Own Key (CYOK) and Bring Your Own Key (BYOK) Features with New EncryptionKeyManager #689

Workflow file for this run

name: Semgrep
on:
merge_group:
pull_request_target:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: "30 0 1,15 * *"
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true
run:
needs: authorize # Require approval before running on forked pull requests
name: Check for Vulnerabilities
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- run: semgrep ci
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_TOKEN }}