From 2df4339850fbaff9f69d848405017d358e434481 Mon Sep 17 00:00:00 2001
From: Security Bot
Date: Fri, 7 Apr 2023 17:48:23 +0530
Subject: [PATCH] SP-604 | Created local '.github/workflows/semgrep.yml' from remote 'semgrep/semgrep.yml' (#1)
Co-authored-by: security-bot
---
.github/workflows/semgrep.yml | 39 +++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..10aabc6
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,39 @@
+name: Semgrep
+
+on:
+ # Scan changed files in PRs, block on new issues only (existing issues ignored)
+ pull_request:
+ branches:
+ - master
+ - main
+
+ # Schedule this job to run at a certain time, using cron syntax
+ # Note that * is a special character in YAML so you have to quote this string
+ schedule:
+ - cron: '00 03 * * 0' # scheduled for 8.30 AM on every sunday
+
+jobs:
+ central-semgrep:
+ name: Static code Analysis
+ uses: Information-Security/security-workflows/.github/workflows/central-semgrep.yml@master
+ with:
+ github-event-number: ${{github.event.number}}
+ github-event-name: ${{github.event_name}}
+ github-repository: ${{github.repository}}
+
+ run-if-failed:
+ runs-on: [ self-hosted ]
+ needs: [central-semgrep]
+ if: always() && (needs.semgrep.result == 'failure')
+ steps:
+ - name: Create comment
+ if: ${{ ( github.event.number != '' ) }}
+ uses: peter-evans/create-or-update-comment@v2
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ body: |
+ **Vulnerabilities have been discovered in this PR. Please check the vulnerability Analysis section of Semgrep Workflow to understand the security vulnerability. Feel free to reach out to #sast-help for more information **
+
+ - name: Assign Reviewers
+ if: ${{ ( github.event.number != '' ) }}
+ uses: Information-Security/security-oncall-action@v1.1
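Review bot: The `run-if-failed` job's condition reads `needs.semgrep.result`, but the upstream job it depends on is named `central-semgrep`, so as far as I can tell the lookup yields null, the comparison with 'failure' is never true, and neither the PR comment nor the reviewer assignment fires when the scan fails. It should read `if: always() && (needs.central-semgrep.result == 'failure')`. The two step guards `${{ ( github.event.number != '' ) }}` only skip the scheduled run because GitHub coerces a null and an empty string to equal numbers; `if: github.event_name == 'pull_request'` states the intent directly and does not rely on that coercion. The reusable workflow and both actions are referenced by mutable refs (`@master`, `@v2`, `@v1.1`); pinning each to a full commit SHA with the tag in a trailing comment keeps a retagged or force-pushed ref from silently changing what runs in this repository's CI.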