use pipx as recommended in docs

2025-12-11 13:36:05 -08:00
parent 6ddc23768f
commit 7293c95659
1 changed files with 8 additions and 2 deletions
@@ -9,6 +9,7 @@ on:
    # Run weekly on Mondays at 00:00 UTC
    - cron: '0 0 * * 1'
  workflow_dispatch:
+  continue_on_error: true

 jobs:
  trivy-scan:
@@ -62,7 +63,11 @@ jobs:
          fi

      - name: Install Semgrep
-        run: python3 -m pip install semgrep
+        run: |
+          sudo apt-get install pipx
+          pipx ensurepath
+          pipx install semgrep
+          semgrep --version

      # Static code analysis with Semgrep
      - name: Run Semgrep static analysis
@@ -71,7 +76,8 @@ jobs:
            --config p/owasp-top-ten \
            --config p/ci \
            --config p/security \
-            . > semgrep-results.txt
+            --output semgrep-results.txt \
+            .

      # Display Semgrep results
      - name: Display Semgrep scan results