Add semgrep (#352)

* Add semgrep * Workarounds to fix issues with latest versions of Xcode tools on GitHub Actions * More fixes to work around default SwiftLint changes --------- Co-authored-by: Mike Nachbaur <[email protected]>
okta · Aug 25, 2023 · 1c53317 · 1c53317
1 parent 4bbbbc3
commit 1c53317
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 5 deletions.
diff --git a/.bacon.yml b/.bacon.yml
@@ -0,0 +1,9 @@
+test_suites:
+ - name: sast_scan
+ script_path: /root/okta/okta-oidc-ios/scripts
+ script_name: sast_scan
+ sort_order: '1'
+ timeout: '200'
+ criteria: MERGE
+ queue_name: small
+ trigger: AUTO
diff --git a/.github/workflows/okta-oidc.yml b/.github/workflows/okta-oidc.yml
@@ -32,4 +32,4 @@ jobs:
  steps:
  - uses: actions/checkout@v2
  - name: Cocoapods
- run: pod lib lint
+ run: pod lib lint --allow-warnings
diff --git a/.swiftlint.yml b/.swiftlint.yml
@@ -40,7 +40,6 @@ only_rules:
  - void_return
  - xct_specific_matcher
  - xctfail_message
- - sorted_imports
  - prefer_self_type_over_type_of_self
  - syntactic_sugar
  - explicit_init
@@ -96,12 +95,10 @@ colon:
 # Whitespace
 leading_whitespace:
  severity: error
-let_var_whitespace:
- severity: error
 operator_whitespace:
  severity: error
 operator_usage_whitespace:
- severity: error
+ severity: warning
 return_arrow_whitespace:
  severity: error
 # Empty

diff --git a/scripts/sast_scan.sh b/scripts/sast_scan.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cd ${OKTA_HOME}/${REPO}
+
+if ! sast_scan;
+then
+ exit ${FAILURE}
+fi
+
+exit ${SUCCESS}