diff options
Diffstat (limited to 'json4cpp/.github/workflows/semgrep.yml')
| -rw-r--r-- | json4cpp/.github/workflows/semgrep.yml | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/json4cpp/.github/workflows/semgrep.yml b/json4cpp/.github/workflows/semgrep.yml deleted file mode 100644 index 88e722c22d..0000000000 --- a/json4cpp/.github/workflows/semgrep.yml +++ /dev/null @@ -1,54 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow file requires a free account on Semgrep.dev to -# manage rules, file ignores, notifications, and more. -# -# See https://semgrep.dev/docs - -name: Semgrep - -on: - push: - branches: [ "develop" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "develop" ] - schedule: - - cron: '23 2 * * 4' - -permissions: - contents: read - -jobs: - semgrep: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - name: Scan - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - with: - egress-policy: audit - - # Checkout project source - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - # Scan code using project's configuration on https://semgrep.dev/manage - - uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d - with: - publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} - publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} - generateSarif: "1" - - # Upload SARIF file generated in previous step - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4 - with: - sarif_file: semgrep.sarif - if: always() |