PIA-1688: Add semgrep workflow to mac split tunnel repo

pia-foss · May 17, 2024 · 5d85641 · 5d85641
1 parent 2fb46f3
commit 5d85641
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,32 @@
+name: Security / Semgrep
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+    tags:
+      - 'v*'
+      - 'v*/*'
+
+jobs:
+  semgrep:
+    name: Security / Semgrep
+    runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep:1.68.0
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - name: Checkout source repository
+        uses: actions/checkout@v4
+      - name: Scan with Semgrep
+        env:
+          # Connect to Semgrep Cloud Platform
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+        run: |
+          semgrep ci \
+            --code \
+            --secrets \
+            --supply-chain \
+            --pro \
+            --no-suppress-errors