varnitgoyal95/janus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔄 Synced local '.github/workflows/semgrep.yml' with remote 'semgrep/semgrep.yml'

Browse Source
This commit is contained in:
security-bot
2022-11-09 12:44:28 +00:00
parent 635078ad7c
commit ced71fa857
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/semgrep.yml vendored
View File

@@ -20,11 +20,17 @@ jobs:
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
- name: Clean workspace
uses: navi-infra/clean-workspace@master
# Fetch project source
- uses: actions/checkout@v3
- run: /usr/bin/git clone https://${{ secrets.SEMGREP_PAT }}@github.cmd.navi-tech.in/Information-Security/semgrep-rules.git
- name: Fetching Semgrep Rules
run: /usr/bin/git clone https://${{ secrets.SEMGREP_PAT }}@github.cmd.navi-tech.in/Information-Security/semgrep-rules.git
- run: semgrep ci --json > semgrep.json
- name: Semgrep Scan
run: |
semgrep ci -q || true && semgrep ci -q --json > semgrep.json
env:
PR_NUMBER: ${{ github.event.number }}
# Select rules for your scan with one of these two options.
@@ -32,12 +38,12 @@ jobs:
SEMGREP_RULES: >- # more at semgrep.dev/r
./semgrep-rules
- name: Vulnerability Analysis Result
- name: Send Vulnerablity Result(s)
if: failure()
run: /usr/bin/curl -X POST http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json" -d @semgrep.json
run: /usr/bin/curl -s -X POST http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json" -d @semgrep.json
- name: Send the Result
run: /usr/bin/curl -X GET http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json"
- name: Send Metadata
run: /usr/bin/curl -s -X GET http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json"
run-if-failed:
runs-on: [ self-hosted ]