From 4b7d05e92e30b7b16480dda7237b1eae0f5795b5 Mon Sep 17 00:00:00 2001
From: Security Bot <security-bot@navi.com>
Date: Tue, 7 May 2024 18:55:59 +0530
Subject: [PATCH] SP-604 | Synced file(s) with navi-infosec/security-workflows
 (#433)

---
 .github/workflows/semgrep.yml | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 8a5b34f..2d4c12f 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -1,20 +1,20 @@
 name: Semgrep
 
 on:
-  workflow_dispatch:
+  # Scan changed files in PRs, block on new issues only (existing issues ignored)
   pull_request:
-    branches:
+    branches:    
       - master
       - main
-      - development
-      - release-*
+
+  # Schedule this job to run at a certain time, using cron syntax
+  # Note that * is a special character in YAML so you have to quote this string
   schedule:
-    - cron: '30 4 * * MON'
-  merge_group:
+    - cron: '00 03 * * 0' # scheduled for 8.30 AM on every sunday
 
 jobs:
   central-semgrep:
-    name: Static Code Analysis
+    name: Static code Analysis
     uses: navi-infosec/central-semgrep-action/.github/workflows/central-semgrep.yml@master
     with:
       github-event-number: ${{github.event.number}}
@@ -22,10 +22,10 @@ jobs:
       github-repository: ${{github.repository}}
     secrets:
       READ_SEMGREP_RULES: ${{secrets.READ_SEMGREP_RULES}}
-
+      
   run-if-failed:
-    runs-on: [ default ]
-    needs: [ central-semgrep ]
+    runs-on: [ self-hosted ]
+    needs: [central-semgrep]
     if: always() && (needs.semgrep.result == 'failure')
     steps:
       - name: Create comment
@@ -34,7 +34,8 @@ jobs:
         with:
           issue-number: ${{ github.event.pull_request.number }}
           body: |
-            **Vulnerabilities have been discovered in this PR. Please check the vulnerability Analysis section of Semgrep Workflow to understand the security vulnerability. Feel free to reach out to #sast-help for more information**
+             **Vulnerabilities have been discovered in this PR. Please check the vulnerability Analysis section of Semgrep Workflow to understand the security vulnerability. Feel free to reach out to #sast-help for more information **
+             
       - name: Assign Reviewers
         if: ${{ ( github.event.number != '' ) }}
         uses: navi-infosec/security-oncall-action@v1.1