feat: install semgrep
Security Scan / Trivy Security Scan (push) Has been cancelled

2025-12-11 12:16:02 -08:00
parent 7ca402cc2b
commit 4ac82f46ed
+9 -12
@@ -58,20 +58,17 @@ jobs:
cat trivy-results.txt
fi
- name: Install Semgrep
run: python3 -m pip install semgrep
# Static code analysis with Semgrep
- name: Run Semgrep static analysis
uses: returntocorp/semgrep-action@v1
with:
config: >-
p/security-audit
p/owasp-top-ten
p/ci
p/security
generateSarif: '1'
outputFormat: 'text'
outputFile: 'semgrep-results.txt'
# Fail on any finding
error: 'true'
run: |
semgrep --config p/security-audit \
--config p/owasp-top-ten \
--config p/ci \
--config p/security \
. > semgrep-results.txt
# Display Semgrep results
- name: Display Semgrep scan results
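Review bot: The new `run:` step loses the gate the removed action configuration carried (`error: 'true'`, commented "Fail on any finding"). As far as I know the semgrep CLI exits 0 when it only reports findings unless `--error` is passed, so the job can go green with findings sitting in `semgrep-results.txt`. Start the command with `semgrep --error --config p/security-audit \`, unless the display step that begins on the last line of this hunk (its body is outside the view) fails the job itself. The SARIF output requested by the old `generateSarif: '1'` is also gone, so anything downstream that consumed it needs a replacement. Separately, `python3 -m pip install semgrep` installs whatever version the index serves at run time; pin it, e.g. `python3 -m pip install semgrep==<PINNED_VERSION>`, so the scanner in a security job is reproducible and an upgrade is a reviewed change.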