Skip to content

Merge pull request #7 from payrails/PR-3761-payment-form-documentation #36

Merge pull request #7 from payrails/PR-3761-payment-form-documentation

Merge pull request #7 from payrails/PR-3761-payment-form-documentation #36

Workflow file for this run

name: Semgrep
on:
# Scan changed files in PRs, block on new issues only (existing issues ignored)
pull_request: {}
# Scan all files on branches, block on any issues
push:
branches: ["master", "main"]
# Schedule this job to run at a certain time, using cron syntax
# Note that * is a special character in YAML so you have to quote this string
# schedule:
# - cron: '30 0 1,15 * *' # scheduled for 00:30 UTC on both the 1st and 15th of the month
jobs:
semgrep:
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source
- uses: actions/checkout@v3
- run: semgrep ci
# run: semgrep scan --sarif --output=semgrep.sarif
env:
# more rules at semgrep.dev/explore
SEMGREP_RULES: >-
.semgrep
p/security-audit
p/secrets
p/supply-chain
p/owasp-top-ten
p/ci
p/r2c-ci
p/docker
p/dockerfile
p/golang
p/semgrep-go-correctness
p/insecure-transport
p/javascript
p/kubernetes
p/terraform
SEMGREP_SEND_METRICS: off
SEMGREP_TIMEOUT: 1800
#SEMGREP_BASELINE_REF: master
# Upload findings to GitHub Advanced Security Dashboard
# - name: Upload SARIF file for GitHub Advanced Security Dashboard
# uses: github/codeql-action/upload-sarif@v1
# with:
# sarif_file: semgrep.sarif
# if: always()