Skip to content

Update README.md

Update README.md #8

Workflow file for this run

name: Semgrep
on:
# Scan changed files in PRs, block on new issues only (existing issues ignored)
# pull_request: {}
# Scan all files on branches, block on any issues
push:
branches: ["master"]
# Schedule this job to run at a certain time, using cron syntax
# Note that * is a special character in YAML so you have to quote this string
# schedule:
# - cron: '30 0 1,15 * *' # scheduled for 00:30 UTC on both the 1st and 15th of the month
jobs:
semgrep:
name: Scan
runs-on: ubuntu-latest
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source
- uses: actions/checkout@v2
- uses: returntocorp/semgrep-action@v1
with:
config: >- # more at semgrep.dev/explore
p/security-audit
p/secrets
# == Optional settings in the `with:` block
# Instead of `config:`, use rules set in Semgrep App.
# Get your token from semgrep.dev/manage/settings.
# publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
# Never fail the build due to findings on pushes.
# Instead, just collect findings for semgrep.dev/manage/findings
# auditOn: push
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
# See also the next step.
# generateSarif: "1"
# Change job timeout (default is 1800 seconds; set to 0 to disable)
# env:
# SEMGREP_TIMEOUT: 300
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
# - name: Upload SARIF file for GitHub Advanced Security Dashboard
# uses: github/codeql-action/upload-sarif@v1
# with:
# sarif_file: semgrep.sarif
# if: always()