cloudflare/cloudflare-typescript
Publicmirrored fromhttps://github.com/cloudflare/cloudflare-typescriptAvailable
.github/workflows/semgrep.yml
31lines · modecode
| 1 | name: Semgrep OSS scan |
| 2 | on: |
| 3 | pull_request: {} |
| 4 | push: |
| 5 | branches: [main, master] |
| 6 | workflow_dispatch: {} |
| 7 | schedule: |
| 8 | - cron: '0 0 15 * *' |
| 9 | concurrency: |
| 10 | group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }} |
| 11 | cancel-in-progress: true |
| 12 | permissions: |
| 13 | contents: read |
| 14 | jobs: |
| 15 | semgrep: |
| 16 | name: semgrep-oss |
| 17 | runs-on: ubuntu-slim |
| 18 | timeout-minutes: 25 |
| 19 | steps: |
| 20 | - uses: actions/checkout@v5 |
| 21 | with: |
| 22 | fetch-depth: 1 |
| 23 | - id: cache-semgrep |
| 24 | uses: actions/cache@v5 |
| 25 | with: |
| 26 | path: ~/.local |
| 27 | key: semgrep-1.160.0-${{ runner.os }} |
| 28 | - if: steps.cache-semgrep.outputs.cache-hit != 'true' |
| 29 | run: pip install --user semgrep==1.160.0 |
| 30 | - run: echo "$HOME/.local/bin" >> "$GITHUB_PATH" |
| 31 | - run: semgrep scan --config=auto |
| 32 | |