41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
name: Semgrep
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- main
|
|
- development
|
|
- release-*
|
|
schedule:
|
|
- cron: '30 4 * * MON'
|
|
merge_group:
|
|
|
|
jobs:
|
|
central-semgrep:
|
|
name: Static Code Analysis
|
|
uses: navi-infosec/central-semgrep-action/.github/workflows/central-semgrep.yml@master
|
|
with:
|
|
github-event-number: ${{github.event.number}}
|
|
github-event-name: ${{github.event_name}}
|
|
github-repository: ${{github.repository}}
|
|
secrets:
|
|
READ_SEMGREP_RULES: ${{secrets.READ_SEMGREP_RULES}}
|
|
|
|
run-if-failed:
|
|
runs-on: [ default ]
|
|
needs: [ central-semgrep ]
|
|
if: always() && (needs.semgrep.result == 'failure')
|
|
steps:
|
|
- name: Create comment
|
|
if: ${{ ( github.event.number != '' ) }}
|
|
uses: navi-synced-actions/create-or-update-comment@v2
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
**Vulnerabilities have been discovered in this PR. Please check the vulnerability Analysis section of Semgrep Workflow to understand the security vulnerability. Feel free to reach out to #sast-help for more information**
|
|
- name: Assign Reviewers
|
|
if: ${{ ( github.event.number != '' ) }}
|
|
uses: navi-infosec/security-oncall-action@v1.1
|