This repository was archived by the owner on Apr 3, 2024. It is now read-only.

Create semgrep.yml #230

Open: jackdawm wants to merge 1 commit into main from semgrep



@jackdawm


## What was changed
Add GitHub workflow to scan PRs with Semgrep.

## Why?
This will eventually be an org-wide required workflow, but GitHub won't let us have access to it yet, so this PR manually adds scanning.

## Checklist
How was this tested:

Added manually in this way to many other repos with no issue.

@codecov-commenter


Codecov Report

Merging #230 (7e60750) into main (2df426a) will not change coverage.
The diff coverage is n/a.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@           Coverage Diff           @@
##             main     #230   +/-   ##
=======================================
  Coverage   64.22%   64.22%           
=======================================
  Files          13       13           
  Lines         995      995           
=======================================
  Hits          639      639           
  Misses        315      315           
  Partials       41       41           

@jackdawm jackdawm enabled auto-merge July 28, 2023 19:31
@jackdawm jackdawm requested a review from cretz July 28, 2023 19:31

@cretz cretz left a comment

Contributor


@jlegrone - For confirmation here, while yes this unfortunately does use a non-public SemGrep thing to check, we have been promised that this won't ever fail a build or anything at least without being notified first. Will wait for your approval.

name: semgrep/ci
runs-on: ubuntu-20.04
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
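
Review bot: the `SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}` line under `env:` takes the token from repository secrets, and GitHub does not expose repository secrets to `pull_request` runs triggered from forks, so on those runs the scan starts with an empty token. Suggest a job-level condition such as `if: github.event.pull_request.head.repo.full_name == github.repository` (or a check that the token is non-empty) so fork PRs skip the job cleanly instead of logging an authentication failure, plus a short comment in the file recording that behaviour.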

Contributor


So this will be unset on PRs from forks, that won't fail PRs right? (sorry, I forget from other repos)

Author


It shouldn't fail PRs, but if someone went looking in their workflow run logs they would see the job complaining and failing to auth.
