From 60cadbbb0a4874298eed4c15a24831989af2b565 Mon Sep 17 00:00:00 2001 From: jkan2 Date: Fri, 27 Sep 2024 12:03:49 -0700 Subject: [PATCH] ci: Add SARIF upload to GitHub Security Dashboard (#365) Co-authored-by: jkan2 <5862123+jkan2@users.noreply.github.com> --- .github/workflows/semgrep.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index ea78f625..b0b45b06 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -16,8 +16,21 @@ jobs: SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} container: image: semgrep/semgrep + if: (github.actor != 'dependabot[bot]') steps: - - uses: actions/checkout@v4 - - run: semgrep ci + - uses: actions/checkout@v4 + - name: Checkout semgrep-utilities repo + uses: actions/checkout@v4 + with: + repository: zeta-chain/semgrep-utilities + path: semgrep-utilities + + - run: semgrep ci --json --output semgrep-findings.json + + - run: python semgrep-utilities/utilities/github-sarif-helper/src/semgrep-json-to-sarif.py --json semgrep-findings.json --sarif semgrep-github.sarif + - name: Upload SARIF file for GitHub Advanced Security Dashboard + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: semgrep-github.sarif