mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-02 09:27:45 -08:00
30 lines
656 B
YAML
30 lines
656 B
YAML
|
name: Semgrep Security Scan
|
||
|
|
|
||
|
|
on:
|
||
|
|
push:
|
||
|
|
branches: [ master ]
|
||
|
|
pull_request:
|
||
|
|
branches: [ master ]
|
||
|
|
|
||
|
|
permissions:
|
||
|
|
contents: read
|
||
|
|
|
||
|
|
jobs:
|
||
|
|
semgrep-security-scan:
|
||
|
|
name: Semgrep Security Scan
|
||
|
|
runs-on: ubuntu-latest
|
||
|
|
# Skip any PR created by dependabot to avoid permission issues
|
||
|
|
if: (github.actor != 'dependabot[bot]')
|
||
|
|
steps:
|
||
|
|
# Fetch project source
|
||
|
|
- uses: actions/checkout@v2
|
||
|
|
|
||
|
|
- uses: returntocorp/semgrep-action@v1
|
||
|
|
with:
|
||
|
|
config: >- # more at semgrep.dev/explore
|
||
|
|
p/security-audit
|
||
|
|
p/secrets
|
||
|
|
p/phpcs-security-audit
|
||
|
|
env:
|
||
|
|
SEMGREP_TIMEOUT: 9900
|