firmware/.github/workflows/sec_sast_semgrep_pull.yml

---
name: Semgrep Differential Scan
on: pull_request

jobs:
  semgrep-diff:
    runs-on: ubuntu-22.04
    container:
      image: returntocorp/semgrep

    steps:
      # step 1
      - name: clone application source code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # step 2
      - name: differential scan
        run: |
          semgrep scan \
            --error \
            --metrics=off \
            --baseline-commit ${{ github.event.pull_request.base.sha }} \
            --config="p/default"
Implement automatic static code scan with Semgrep 2022-11-20 09:53:11 +00:00			`---`
			`name: Semgrep Differential Scan`
Trunk, you got a big storm coming, honey 2023-01-27 16:22:17 +00:00			`on: pull_request`
Implement automatic static code scan with Semgrep 2022-11-20 09:53:11 +00:00
			`jobs:`
			`semgrep-diff:`
Flag semgrep to not run on self-hosted The semgrep action runs inside a docker container, and docker in podman just doesn't work. 2024-09-19 17:10:39 +00:00			`runs-on: ubuntu-22.04`
Implement automatic static code scan with Semgrep 2022-11-20 09:53:11 +00:00			`container:`
			`image: returntocorp/semgrep`

			`steps:`
			`# step 1`
			`- name: clone application source code`
Update CI runner versions from Node 16 to 20. (#3872) 2024-05-13 08:47:40 +00:00			`uses: actions/checkout@v4`
Implement automatic static code scan with Semgrep 2022-11-20 09:53:11 +00:00			`with:`
			`fetch-depth: 0`

			`# step 2`
			`- name: differential scan`
			`run: \|`
			`semgrep scan \`
			`--error \`
			`--metrics=off \`
			`--baseline-commit ${{ github.event.pull_request.base.sha }} \`
			`--config="p/default"`