ci(repo): Remove Semgrep workflow

[dominic-clerk]

Description

Semgrep scans for this project are managed from Semgrep SaaS directly now, the workflow file causes the scans to run twice.

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other: CI

Summary by CodeRabbit

• Chores
  • Streamlined CI by removing an obsolete code scanning workflow. This change is purely operational and does not alter app functionality, UI, or performance. No changes are required from users or administrators. Builds, deployments, and release behavior remain unchanged. No data, settings, or permissions are affected. All existing features continue to work as before.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0d5cf01

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Oct 9, 2025 10:17am

[coderabbitai]

Walkthrough

The change removes the GitHub Actions workflow at .github/workflows/semgrep.yml that previously ran Semgrep CI on workflow_dispatch, pull_request, push to main (with path filters), and a scheduled cron, using the returntocorp/semgrep container and SEMGREP_APP_TOKEN.

Changes

Cohort / File(s)	Summary
CI Workflow: Semgrep removal \.github/workflows/semgrep.yml	Deleted Semgrep CI workflow, including triggers, job definition, env token, and steps to checkout and run semgrep ci.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant GH as GitHub (Events)
  participant WF as Semgrep Workflow (removed)
  participant SG as Semgrep CI

  rect rgb(245,248,255)
    note over GH,WF: Previous flow (now removed)
    Dev->>GH: Push / Pull Request / Schedule / Manual dispatch
    GH->>WF: Trigger semgrep job
    WF->>SG: Run "semgrep ci" in container
    SG-->>WF: Results
    WF-->>GH: Job status
  end

  rect rgb(250,250,250)
    note over Dev,GH: Current state
    Dev->>GH: Push / Pull Request / Schedule
    GH--x WF: No workflow present
    note right of GH: No Semgrep job runs
  end

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I hopped through branches, light and keen,
A linting burrow once was seen—now clean.
The cron bells hush, the scanners sleep,
My paws leave tracks where pipelines seep.
Onward I bound, with tidy cheer,
New paths to guard in the coming year. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Title Check	✅ Passed	The title clearly and concisely summarizes the main change by indicating removal of the Semgrep CI workflow from the repository, matching the PR’s content.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dc-remove-semgrep-wf

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6949

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6949

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6949

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6949

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6949

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6949

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6949

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6949

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6949

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6949

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6949

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6949

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6949

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6949

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6949

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6949

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6949

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6949

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6949

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6949

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6949

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6949

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6949

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6949

commit: 0d5cf01