mirror of
https://github.com/meshtastic/firmware.git
synced 2025-06-20 20:12:12 +00:00
e98da27446
Some checks are pending
CI / setup (check) (push) Waiting to run
CI / setup (esp32) (push) Waiting to run
CI / setup (esp32c3) (push) Waiting to run
CI / setup (esp32c6) (push) Waiting to run
CI / setup (esp32s3) (push) Waiting to run
CI / setup (nrf52840) (push) Waiting to run
CI / setup (rp2040) (push) Waiting to run
CI / setup (stm32) (push) Waiting to run
CI / check (push) Blocked by required conditions
CI / build-esp32 (push) Blocked by required conditions
CI / build-esp32-s3 (push) Blocked by required conditions
CI / build-esp32-c3 (push) Blocked by required conditions
CI / build-esp32-c6 (push) Blocked by required conditions
CI / build-nrf52 (push) Blocked by required conditions
CI / build-rpi2040 (push) Blocked by required conditions
CI / build-stm32 (push) Blocked by required conditions
CI / build-debian-src (push) Waiting to run
CI / package-pio-deps-native-tft (push) Waiting to run
CI / test-native (push) Waiting to run
CI / docker-debian-amd64 (push) Waiting to run
CI / docker-alpine-amd64 (push) Waiting to run
CI / docker-debian-arm64 (push) Waiting to run
CI / docker-debian-armv7 (push) Waiting to run
CI / after-checks (push) Blocked by required conditions
CI / gather-artifacts (esp32) (push) Blocked by required conditions
CI / gather-artifacts (esp32c3) (push) Blocked by required conditions
CI / gather-artifacts (esp32c6) (push) Blocked by required conditions
CI / gather-artifacts (esp32s3) (push) Blocked by required conditions
CI / gather-artifacts (nrf52840) (push) Blocked by required conditions
CI / gather-artifacts (rp2040) (push) Blocked by required conditions
CI / gather-artifacts (stm32) (push) Blocked by required conditions
CI / release-artifacts (push) Blocked by required conditions
CI / release-firmware (esp32) (push) Blocked by required conditions
CI / release-firmware (esp32c3) (push) Blocked by required conditions
CI / release-firmware (esp32c6) (push) Blocked by required conditions
CI / release-firmware (esp32s3) (push) Blocked by required conditions
CI / release-firmware (nrf52840) (push) Blocked by required conditions
CI / release-firmware (rp2040) (push) Blocked by required conditions
CI / release-firmware (stm32) (push) Blocked by required conditions
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
47 lines
927 B
YAML
47 lines
927 B
YAML
---
|
|
name: Semgrep Full Scan
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: 0 1 * * 6
|
|
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
jobs:
|
|
semgrep-full:
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: semgrep/semgrep
|
|
|
|
steps:
|
|
# step 1
|
|
- name: clone application source code
|
|
uses: actions/checkout@v4
|
|
|
|
# step 2
|
|
- name: full scan
|
|
run: |
|
|
semgrep \
|
|
--sarif --output report.sarif \
|
|
--metrics=off \
|
|
--config="p/default"
|
|
|
|
# step 3
|
|
- name: save report as pipeline artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: report.sarif
|
|
overwrite: true
|
|
path: report.sarif
|
|
|
|
# step 4
|
|
- name: publish code scanning alerts
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: report.sarif
|
|
category: semgrep
|