mirror of
				https://github.com/meshtastic/firmware.git
				synced 2025-10-25 06:12:48 +00:00 
			
		
		
		
	 00495140bd
			
		
	
	
		00495140bd
		
			
		
	
	
	
	
		
			
			Use new meshtastic/gh-action-firmware Action Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
		
			
				
	
	
		
			48 lines
		
	
	
		
			978 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			48 lines
		
	
	
		
			978 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| name: Semgrep Full Scan
 | |
| 
 | |
| on:
 | |
|   workflow_dispatch:
 | |
|   schedule:
 | |
|     - cron: 0 1 * * 6
 | |
| 
 | |
| permissions:
 | |
|   actions: read
 | |
|   contents: read
 | |
|   security-events: write
 | |
| 
 | |
| jobs:
 | |
|   semgrep-full:
 | |
|     if: github.repository == 'meshtastic/firmware'
 | |
|     runs-on: ubuntu-24.04
 | |
|     container:
 | |
|       image: semgrep/semgrep
 | |
| 
 | |
|     steps:
 | |
|       # step 1
 | |
|       - name: clone application source code
 | |
|         uses: actions/checkout@v4
 | |
| 
 | |
|       # step 2
 | |
|       - name: full scan
 | |
|         run: |
 | |
|           semgrep \
 | |
|             --sarif --output report.sarif \
 | |
|             --metrics=off \
 | |
|             --config="p/default"          
 | |
| 
 | |
|       # step 3
 | |
|       - name: save report as pipeline artifact
 | |
|         uses: actions/upload-artifact@v4
 | |
|         with:
 | |
|           name: report.sarif
 | |
|           overwrite: true
 | |
|           path: report.sarif
 | |
| 
 | |
|       # step 4
 | |
|       - name: publish code scanning alerts
 | |
|         uses: github/codeql-action/upload-sarif@v3
 | |
|         with:
 | |
|           sarif_file: report.sarif
 | |
|           category: semgrep
 |