Skip to content

cleanup(ci): use new kernel-testing provided composite action. #89

cleanup(ci): use new kernel-testing provided composite action.

cleanup(ci): use new kernel-testing provided composite action. #89

Workflow file for this run

name: Semgrep Checks
on:
pull_request:
branches:
- master
- 'release/**'
- 'maintainers/**'
jobs:
insecure-api:
name: check-insecure-api
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep:1.41.0
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Scan PR for insecure API usage 🕵️
run: |
semgrep scan \
--error \
--metrics=off \
--baseline-commit ${{ github.event.pull_request.base.sha }} \
--config=./semgrep/insecure-api
absolute-include-paths:
name: check-absolute-include-paths
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep:1.41.0
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Scan PR for libs relateive include paths 🕵️
run: |
semgrep scan \
--error \
--metrics=off \
--baseline-commit ${{ github.event.pull_request.base.sha }} \
--config=./semgrep/absolute-include-paths.yaml