Commit

refactor: use reusable workflow for semgrep (#387)
Updated the build-test-release workflow to use
[sast-scan](https://github.com/splunk/sast-scanning) owned by product
security team instead of using custom implementation.
Ref: https://splunk.atlassian.net/browse/ADDON-72309
dvarasani-crest authored Sep 5, 2024
1 parent 2e10f86 commit 3ad16a8
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions .github/workflows/build-test-release.yml
Expand Up @@ -59,16 +59,10 @@ jobs:
- uses: pre-commit/[email protected]

semgrep:
runs-on: ubuntu-latest
name: security-sast-semgrep
if: github.actor != 'dependabot[bot]'
steps:
- uses: actions/checkout@v4
- name: Semgrep
id: semgrep
uses: semgrep/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
secrets:
SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}

run-unit-tests:
name: test-unit ${{ matrix.python-version }}
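
Review bot: The added `uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main` line in the `semgrep` job references the reusable workflow by branch name, and the `secrets:` block directly below it hands that workflow `SEMGREP_KEY`. Whatever is on `main` of the other repository at run time executes in this pipeline with that secret. Consider pinning the reference to a full commit SHA or a release tag and updating the pin deliberately, so a change to the scanning workflow is reviewed before it runs here. Separately, the +/- markers are lost in this rendering, so it is not visible whether the `if: github.actor != 'dependabot[bot]'` condition is kept on the job. If it was dropped, confirm that the called workflow copes with an empty `SEMGREP_KEY`, since Dependabot-triggered runs do not receive repository secrets.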