From e33de606485cf460a0dd8295058f6203dd7d0e03 Mon Sep 17 00:00:00 2001
From: Hrushikesh Deshpande
Date: Thu, 23 Apr 2026 16:53:09 -0400
Subject: [PATCH 1/2] ci: add Semgrep OSS scanning workflow
---
 .github/workflows/semgrep.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000..09dfe25
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,30 @@
+name: Semgrep OSS scan
+on:
+ pull_request: {}
+ push:
+ branches: [main, master]
+ workflow_dispatch: {}
+ schedule:
+ - cron: '0 0 1-7 * 6' # per-repo, staggered across month
+concurrency:
+ group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+permissions:
+ contents: read
+jobs:
+ semgrep:
+ name: semgrep-oss
+ runs-on: ubuntu-slim
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 1
+ - id: cache-semgrep
+ uses: actions/cache@v5
+ with:
+ path: ~/.local
+ key: semgrep-1.160.0-${{ runner.os }}
+ - if: steps.cache-semgrep.outputs.cache-hit != 'true'
+ run: pip install --user semgrep==1.160.0
+ - run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+ - run: semgrep scan --config=auto
From 930fa0f24686ef97d28abf13f94a1eebb88f4f4d Mon Sep 17 00:00:00 2001
From: Thibault
Date: Fri, 24 Apr 2026 15:27:41 +0200
Subject: [PATCH 2/2] Trigger semgrep on Tuesday, not saturday
---
 .github/workflows/semgrep.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 09dfe25..405e8f0 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
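Review bot: The last step of the new .github/workflows/semgrep.yml in patch 1/2, `semgrep scan --config=auto`, only prints findings to the job log and by default exits 0 when rules match, so a pull request that introduces a finding still gets a green check. If the scan is meant to gate merges, make it `semgrep scan --config=auto --error`; if it is advisory by design, a comment above the step such as `# advisory only: findings do not fail the job` would say so. Separately, `actions/checkout@v5` and `actions/cache@v5` are mutable tags, so pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v5`) keeps a retagged release from changing what runs here. Adding `persist-credentials: false` under the checkout `with:` would also keep the token out of the workspace git config while third-party tooling runs.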
@@ -5,7 +5,7 @@ on:
 branches: [main, master]
 workflow_dispatch: {}
 schedule:
- - cron: '0 0 1-7 * 6' # per-repo, staggered across month
+ - cron: '0 0 1-7 * 2' # per-repo, staggered across month
 concurrency:
 group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
 cancel-in-progress: true
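Review bot: The new expression `'0 0 1-7 * 2'` restricts both day-of-month and day-of-week, and under the POSIX cron rules that GitHub documents for `schedule` those two fields are ORed, so this most likely fires on each of days 1–7 and on every Tuesday rather than only on the first Tuesday of the month. The same shape was introduced with `* 6` in patch 1/2. If a weekly run is intended, `cron: '0 0 * * 2'` states it directly; if one run per month is intended, restrict only the day-of-month field, or keep `1-7` with `*` as day-of-week and check the weekday in a first step. Either way the trailing comment should name the intended cadence, for example `# weekly, Tuesday 00:00 UTC`.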