reviewdog action for semgrep - lightweight static analysis for many languages with rules that look like source code.
name: reviewdog-semgrep
on: [pull_request]
jobs:
# TODO: change `linter_name`.
linter_name:
name: runner / <linter_name>
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: g-wilson/action-semgrep@v1
with:
github_token: ${{ secrets.github_token }}
# Change reviewdog reporter if you need [github-pr-check,github-check,github-pr-review].
reporter: github-pr-review
# Change reporter level if you need. GitHub Status Check won't become failure with warning.
level: warning
# Change filter mode if you need [added,diff_context,file,nofilter].
filter_mode: file
# Semgrep config string (URL, path to file, or policy)
semgrep_config: p/gosec