
Semgrep

Semgrep #831

# This workflow file requires a free account on Semgrep.dev to
# manage rules, file ignores, notifications, and more.
#
# See https://semgrep.dev/docs
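name: Semgrep

on:
  # Push scans are limited to this one branch.
  push:
    branches:
      - feature/annotations
  # No filters: runs for pull requests with the default activity types.
  pull_request:
  # Weekly scan: minute 23, hour 20, every Monday (GitHub evaluates cron in UTC).
  schedule:
    - cron: '23 20 * * 1'

# Least privilege for the GITHUB_TOKEN: the steps below only check out and
# scan the repository, so read access to its contents is sufficient.
permissions:
  contents: read

jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    # Skip any PR created by dependabot to avoid permission issues.
    # NOTE(review): the condition is evaluated for every trigger, not only
    # pull_request, and github.actor is the account that triggered the run.
    # Dependabot-triggered changes therefore get no scan from this job;
    # confirm they are covered by another check before merge.
    if: (github.actor != 'dependabot[bot]')
    steps:
      # Fetch project source
      # NOTE(review): both actions are referenced by version tag, which is a
      # mutable ref. Pinning each to a reviewed full commit SHA prevents a
      # retagged release from changing what runs here.
      - uses: actions/checkout@v2
      - uses: returntocorp/semgrep-action@v1
        with:
          # Folded scalar: the two rule packs are passed as one
          # space-separated string, "p/security-audit p/secrets".
          config: >-  # more at semgrep.dev/explore
            p/security-audit
            p/secrets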