fleet/.github/workflows/semgrep-analysis.yml

name: Semgrep

on:
  workflow_dispatch: # (manual dispatch)
  schedule:
    - cron: '0 2 * * *'

jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    steps:
      # Checkout project source
      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2

      # Scan code using project's configuration on https://semgrep.dev/manage
      - uses: returntocorp/semgrep-action@b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a # v1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
          # generateSarif: "1"

      # # Upload SARIF file generated in previous step
      # - name: Upload SARIF file
      #   uses: github/codeql-action/upload-sarif@v1
      #   with:
      #     sarif_file: semgrep.sarif
      #   if: always()
Add semgrep scanning configuration (#1571) Runs a nightly semgrep scan. 2021-08-06 01:23:58 +00:00			`name: Semgrep`

			`on:`
Update semgrep configuration (#1581) - Disable sarif generation (may have been causing bug in Semgrep). - Enable manual workflow dispatch. 2021-08-06 17:02:45 +00:00			`workflow_dispatch: # (manual dispatch)`
Add semgrep scanning configuration (#1571) Runs a nightly semgrep scan. 2021-08-06 01:23:58 +00:00			`schedule:`
			`- cron: '0 2 * * *'`

			`jobs:`
			`semgrep:`
			`name: Scan`
			`runs-on: ubuntu-latest`
			`steps:`
			`# Checkout project source`
4620 pin action dependencies (#4622) * Update build-binaries.yaml Pin action versions + add read only token to build-binaries.yaml * Update codeql-analysis.yml Pin dependencies with hash for codeql-analysis.yml * Update deploy-fleet-website.yml Pin dependencies in deploy-fleet-website.yml * Update docs.yml Pin dependencies for docs.yml * Update fleet-and-orbit.yml Pinning dependencies for fleet-and-orbit.yml * Update generate-osqueryd-app-tar-gz.yml Pin dependencies for generate-osqueryd-app-tar-gz.yml * Pin dependencies in goreleaser workflows Pinned dependencies in the 3 goreleaser workflows * Update integration.yml Pinned dependencies with hash * Update pr-helm.yaml Pinned dependencies with hash * Update push-osquery-perf-to-ecr.yml Pinned dependencies with a hash * Update release-helm.yaml Pinned one dependency with a hash * Update semgrep-analysis.yml Pinned dependencies with hashes * Update test-go.yaml Pinned dependencies with hash * Update test-packaging.yml Pinned dependencies with hashes * Update test-website.yml Pinned dependencies with hashes * Update test.yml Pinned dependencies with hashes 2022-03-16 19:42:28 +00:00			`- uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2`
Add semgrep scanning configuration (#1571) Runs a nightly semgrep scan. 2021-08-06 01:23:58 +00:00
			`# Scan code using project's configuration on https://semgrep.dev/manage`
4620 pin action dependencies (#4622) * Update build-binaries.yaml Pin action versions + add read only token to build-binaries.yaml * Update codeql-analysis.yml Pin dependencies with hash for codeql-analysis.yml * Update deploy-fleet-website.yml Pin dependencies in deploy-fleet-website.yml * Update docs.yml Pin dependencies for docs.yml * Update fleet-and-orbit.yml Pinning dependencies for fleet-and-orbit.yml * Update generate-osqueryd-app-tar-gz.yml Pin dependencies for generate-osqueryd-app-tar-gz.yml * Pin dependencies in goreleaser workflows Pinned dependencies in the 3 goreleaser workflows * Update integration.yml Pinned dependencies with hash * Update pr-helm.yaml Pinned dependencies with hash * Update push-osquery-perf-to-ecr.yml Pinned dependencies with a hash * Update release-helm.yaml Pinned one dependency with a hash * Update semgrep-analysis.yml Pinned dependencies with hashes * Update test-go.yaml Pinned dependencies with hash * Update test-packaging.yml Pinned dependencies with hashes * Update test-website.yml Pinned dependencies with hashes * Update test.yml Pinned dependencies with hashes 2022-03-16 19:42:28 +00:00			`- uses: returntocorp/semgrep-action@b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a # v1`
Add semgrep scanning configuration (#1571) Runs a nightly semgrep scan. 2021-08-06 01:23:58 +00:00			`with:`
			`publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}`
			`publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}`
Update semgrep configuration (#1581) - Disable sarif generation (may have been causing bug in Semgrep). - Enable manual workflow dispatch. 2021-08-06 17:02:45 +00:00			`# generateSarif: "1"`
Add semgrep scanning configuration (#1571) Runs a nightly semgrep scan. 2021-08-06 01:23:58 +00:00
Update semgrep configuration (#1581) - Disable sarif generation (may have been causing bug in Semgrep). - Enable manual workflow dispatch. 2021-08-06 17:02:45 +00:00			`# # Upload SARIF file generated in previous step`
			`# - name: Upload SARIF file`
			`# uses: github/codeql-action/upload-sarif@v1`
			`# with:`
			`# sarif_file: semgrep.sarif`
			`# if: always()`