SP-604 | Created local '.github/workflows/semgrep.yml' from remote 'semgrep/semgrep.yml'

.github/workflows/semgrep.yml

@@ -0,0 +1,39 @@
+name: Semgrep
+
+on:
+  # Scan changed files in PRs, block on new issues only (existing issues ignored)
+  pull_request:
+    branches:    
+      - master
+      - main
+
+  # Schedule this job to run at a certain time, using cron syntax
+  # Note that * is a special character in YAML so you have to quote this string
+  schedule:
+    - cron: '00 03 * * 0' # scheduled for 8.30 AM on every sunday
+
+jobs:
+  central-semgrep:
+    name: Static code Analysis
+    uses: Information-Security/security-workflows/.github/workflows/central-semgrep.yml@master
+    with:
+      github-event-number: ${{github.event.number}}
+      github-event-name: ${{github.event_name}}
+      github-repository: ${{github.repository}}
+      
+  run-if-failed:
+    runs-on: [ self-hosted ]
+    needs: [central-semgrep]
+    if: always() && (needs.semgrep.result == 'failure')
+    steps:
+      - name: Create comment
+        if: ${{ ( github.event.number != '' ) }}
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+             **Vulnerabilities have been discovered in this PR. Please check the vulnerability Analysis section of Semgrep Workflow to understand the security vulnerability. Feel free to reach out to #sast-help for more information **
+             
+      - name: Assign Reviewers
+        if: ${{ ( github.event.number != '' ) }}
+        uses: Information-Security/security-oncall-action@v1.1