Skip to content

use secure base image #94

use secure base image

use secure base image #94

Workflow file for this run

name: SAST
on:
pull_request:
branches:
- master
push:
branches:
- master
tags:
- 'v*.*.*'
workflow_dispatch: {}
permissions:
contents: read
jobs:
semgrep:
timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
name: Semgrep SAST
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v4
- uses: Kong/public-shared-actions/security-actions/semgrep@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2