Skip to content

Semgrep

Semgrep #268

Workflow file for this run

name: Semgrep
on:
# Scan changed files in PRs, block on new issues only (existing issues ignored)
pull_request: {}
push:
branches:
- main
paths:
- .github/workflows/semgrep.yml
schedule:
- cron: '0 0 * * 0'
jobs:
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions [removing GH Security Dashboard]
semgrep:
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- name: Permission issue fix
run: git config --global --add safe.directory /__w/evmos/evmos
- uses: actions/checkout@v3
- name: Get Diff
uses: technote-space/[email protected]
with:
PATTERNS: |
**/*.go
**/*.js
**/*.ts
**/*.sol
go.mod
go.sum
- uses: actions/checkout@v3
- run: semgrep ci --config=auto
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
if: "env.GIT_DIFF_FILTERED != ''"