From 1196f80ff9ea28a41f28ed9249fff6c0088b3d51 Mon Sep 17 00:00:00 2001
From: akhon <akhon@samodelkin.net>
Date: Fri, 20 Dec 2024 15:47:00 -0600
Subject: [PATCH] semgrep-sast

---
 .github/workflows/security-scan-sast.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/workflows/security-scan-sast.yaml

diff --git a/.github/workflows/security-scan-sast.yaml b/.github/workflows/security-scan-sast.yaml
new file mode 100644
index 0000000..3160a2b
--- /dev/null
+++ b/.github/workflows/security-scan-sast.yaml
@@ -0,0 +1,15 @@
+name: security-scan-sast
+
+on:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 1 * * *" # Sets Semgrep to scan every day at 1:30 UTC
+
+jobs:
+  scan:
+    uses: verygood-ops/cicd-shared/.github/workflows/security-scan-sast.yaml@security-scan-sast-v1
+    with:
+      uses_maven: false
+    secrets:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}