Skip to content

Bump github/codeql-action from 3.25.5 to 3.25.6 #335

Bump github/codeql-action from 3.25.5 to 3.25.6

Bump github/codeql-action from 3.25.5 to 3.25.6 #335

Workflow file for this run

name: Semgrep
on:
pull_request: {}
push:
branches:
- main
- master
paths:
- .github/workflows/semgrep.yml
schedule:
- cron: '0 0 * * 0'
workflow_call:
permissions: read-all
jobs:
semgrep:
name: Scan
runs-on: ubuntu-24.04
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
actions: read
contents: read
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
with:
egress-policy: audit
disable-telemetry: false
allowed-endpoints:
github.com:443
semgrep.dev:443
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
# Run Semgrep as CI
- run: semgrep ci
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}