mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
62d3b9145f
* Update build-binaries.yaml Pin action versions + add read only token to build-binaries.yaml * Update codeql-analysis.yml Pin dependencies with hash for codeql-analysis.yml * Update deploy-fleet-website.yml Pin dependencies in deploy-fleet-website.yml * Update docs.yml Pin dependencies for docs.yml * Update fleet-and-orbit.yml Pinning dependencies for fleet-and-orbit.yml * Update generate-osqueryd-app-tar-gz.yml Pin dependencies for generate-osqueryd-app-tar-gz.yml * Pin dependencies in goreleaser workflows Pinned dependencies in the 3 goreleaser workflows * Update integration.yml Pinned dependencies with hash * Update pr-helm.yaml Pinned dependencies with hash * Update push-osquery-perf-to-ecr.yml Pinned dependencies with a hash * Update release-helm.yaml Pinned one dependency with a hash * Update semgrep-analysis.yml Pinned dependencies with hashes * Update test-go.yaml Pinned dependencies with hash * Update test-packaging.yml Pinned dependencies with hashes * Update test-website.yml Pinned dependencies with hashes * Update test.yml Pinned dependencies with hashes
29 lines
831 B
YAML
29 lines
831 B
YAML
name: Semgrep
|
|
|
|
on:
|
|
workflow_dispatch: # (manual dispatch)
|
|
schedule:
|
|
- cron: '0 2 * * *'
|
|
|
|
jobs:
|
|
semgrep:
|
|
name: Scan
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# Checkout project source
|
|
- uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
|
|
|
|
# Scan code using project's configuration on https://semgrep.dev/manage
|
|
- uses: returntocorp/semgrep-action@b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a # v1
|
|
with:
|
|
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
|
|
publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
|
|
# generateSarif: "1"
|
|
|
|
# # Upload SARIF file generated in previous step
|
|
# - name: Upload SARIF file
|
|
# uses: github/codeql-action/upload-sarif@v1
|
|
# with:
|
|
# sarif_file: semgrep.sarif
|
|
# if: always()
|