Skip to content

[Enhancement]: Check for duplicate keys in IAM policy JSON arguments #13216

[Enhancement]: Check for duplicate keys in IAM policy JSON arguments

[Enhancement]: Check for duplicate keys in IAM policy JSON arguments #13216

Workflow file for this run

name: Semgrep Checks
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths:
- internal/**
- .semgrep*yml
- .github/workflows/semgrep-ci.yml
env:
SEMGREP_SEND_METRICS: "off"
SEMGREP_ENABLE_VERSION_CHECK: false
COMMON_PARAMS: --error --quiet
jobs:
semgrep:
name: Code Quality Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: |
semgrep --validate \
--config .ci/.semgrep.yml \
--config .ci/semgrep/
- run: |
semgrep $COMMON_PARAMS \
--config .ci/.semgrep.yml \
--config .ci/semgrep/ \
--config 'r/dgryski.semgrep-go.badnilguard' \
--config 'r/dgryski.semgrep-go.errnilcheck' \
--config 'r/dgryski.semgrep-go.marshaljson' \
--config 'r/dgryski.semgrep-go.nilerr' \
--config 'r/dgryski.semgrep-go.oddifsequence' \
--config 'r/dgryski.semgrep-go.oserrors'
naming_cae:
name: Naming Scan Caps/AWS/EC2
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-caps-aws-ec2.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-caps-aws-ec2.yml
naming_tests:
name: Test Configs Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-configs.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-configs.yml
naming_semgrep0:
name: Service Name Scan A-C
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-service-name0.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name0.yml
naming_semgrep1:
name: Service Name Scan C-I
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-service-name1.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name1.yml
naming_semgrep2:
name: Service Name Scan I-Q
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-service-name2.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name2.yml
naming_semgrep3:
name: Service Name Scan Q-Z
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.action != 'dependabot[bot]')
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- run: semgrep --validate --config .ci/.semgrep-service-name3.yml
- run: semgrep $COMMON_PARAMS --config .ci/.semgrep-service-name3.yml