From ced71fa85733a3c1a3f939cb17116a192c60f4ad Mon Sep 17 00:00:00 2001
From: security-bot
Date: Wed, 9 Nov 2022 12:44:28 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=84=20Synced=20local=20'.github/workfl?=
 =?UTF-8?q?ows/semgrep.yml'=20with=20remote=20'semgrep/semgrep.yml'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/semgrep.yml | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 5459773..23e878d 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -20,11 +20,17 @@ jobs:
 # Skip any PR created by dependabot to avoid permission issues
 if: (github.actor != 'dependabot[bot]')
 steps:
+ - name: Clean workspace
+ uses: navi-infra/clean-workspace@master
+ # Fetch project source
 - uses: actions/checkout@v3
- - run: /usr/bin/git clone https://${{ secrets.SEMGREP_PAT }}@github.cmd.navi-tech.in/Information-Security/semgrep-rules.git
+ - name: Fetching Semgrep Rules
+ run: /usr/bin/git clone https://${{ secrets.SEMGREP_PAT }}@github.cmd.navi-tech.in/Information-Security/semgrep-rules.git
- - run: semgrep ci --json > semgrep.json
+ - name: Semgrep Scan
+ run: |
+ semgrep ci -q || true && semgrep ci -q --json > semgrep.json
 env:
 PR_NUMBER: ${{ github.event.number }}
 # Select rules for your scan with one of these two options.
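Review bot: `uses: navi-infra/clean-workspace@master` pulls a mutable branch of an external action into a job that later expands `secrets.SEMGREP_PAT`, so whoever can push to that branch can run code with the token in reach; pin it to a full commit SHA (`uses: navi-infra/clean-workspace@<commit-sha>`) rather than a branch name. Related, the PAT embedded in the clone URL is persisted into the cloned repository's `.git/config` as the remote URL, and since the job runs on a self-hosted runner and the new clean step runs only at the start, the credential stays on disk until the next job replaces it; a cleanup step with `if: always()` at the end, or passing the token via `GIT_ASKPASS` instead of the URL, keeps it off the workspace. The new `run: |` block also scans twice: in POSIX shell `a || true && b` is `(a || true) && b`, so the second `semgrep ci` always runs and the first result is discarded, which I take to be intended for a readable log plus a JSON file but doubles the scan time. The enclosing job definition starts before this hunk.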
@@ -32,12 +38,12 @@ jobs:
 SEMGREP_RULES: >- # more at semgrep.dev/r
 ./semgrep-rules
- - name: Vulnerability Analysis Result
+ - name: Send Vulnerablity Result(s)
 if: failure()
- run: /usr/bin/curl -X POST http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json" -d @semgrep.json
+ run: /usr/bin/curl -s -X POST http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json" -d @semgrep.json
- - name: Send the Result
- run: /usr/bin/curl -X GET http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json"
+ - name: Send Metadata
+ run: /usr/bin/curl -s -X GET http://semgrep.cmd.navi-tech.in/v1/semgrep/ -H "X-repo-name":${{ github.repository }} -H "X-pr-number":${{github.event.number}} -H "X-event-name":${{ github.event_name }} -H "Content-Type:application/json"
 run-if-failed:
 runs-on: [ self-hosted ]
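Review bot: Adding `-s` to both curl calls without `-S` or `--fail` hides transport errors and non-2xx replies, so an unreachable collector leaves the `Send Vulnerablity Result(s)` and `Send Metadata` steps green while the findings are never recorded; `/usr/bin/curl -sSf -X POST ...` (and the same on the GET) keeps the log quiet but fails the step visibly. The findings file is still posted over plain `http://` to semgrep.cmd.navi-tech.in, which carries rule hits and file paths of the scanned repository in cleartext on the runner's network; if the collector can terminate TLS, the scheme should be `https://`. The step name `Send Vulnerablity Result(s)` is misspelled and should read `Send Vulnerability Result(s)`. The steps list these belong to starts before the hunk, and the `run-if-failed` job continues past it.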