diff --git a/.github/workflows/semgrep_scan.yml b/.github/workflows/semgrep_scan.yml
new file mode 100644
index 0000000..4260176
--- /dev/null
+++ b/.github/workflows/semgrep_scan.yml
@@ -0,0 +1,22 @@
+name: Semgrep scan
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - edited
+
+jobs:
+  public-repo-job:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.repository.private == false }}
+    container:
+      image: semgrep/semgrep
+    steps:
+      - uses: actions/checkout@v4.0.0
+      - name: run on public repo
+        run: semgrep ci &> /dev/null
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN_PUBLIC }}
\ No newline at end of file
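Review bot: The `run: semgrep ci &> /dev/null` step discards both stdout and stderr, so when the scan fails or reports findings the job log carries nothing a reviewer can act on, and a missing or rejected `SEMGREP_APP_TOKEN` (for example on a pull request from a fork, where repository secrets are presumably not exposed) becomes an opaque failure; drop the redirect, `run: semgrep ci`, and let the Semgrep app hold the full report if log noise is the concern. The job also runs with the workflow's default `GITHUB_TOKEN` permissions; a scan-only job needs no write access, so add `permissions:` with `contents: read` at the job or workflow level. Both the `semgrep/semgrep` container image (implicitly the latest tag) and `actions/checkout@v4.0.0` are mutable references, so pin the image to a specific version or digest and the action to a full commit SHA to keep the scanning toolchain itself from drifting or being swapped underneath you. Finally, the `edited` trigger type re-runs the full scan on every title or description edit without any code change, which is wasted runtime and extra token use; `opened`, `synchronize` and `reopened` already cover every change to the code under review.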