open-nomad/.github/workflows/semgrep.yml
Tim Gross bebed09677 GHA pinning updates (#18093)
Trusted Supply Chain Component Registry (TSCCR) enforcement starts Monday and an
internal report shows our semgrep action is pinned to a version that's not
currently permitted. Update all the action versions to whatever's the new
hotness to maximum the time-to-live on these until we have automated pinning
setup.

Also version bumps our chromedriver action, which randomly broke upstream today.
2023-07-28 11:52:42 -04:00

22 lines
552 B
YAML

name: Semgrep
on:
pull_request: {}
# Skipping push for now since it would run against the entire code base.
# push:
jobs:
semgrep:
name: Semgrep Scan
runs-on: ubuntu-latest
env:
SEMGREP_SEND_METRICS: 0
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: returntocorp/semgrep-action@245bf11ddb2f3d4e35f116608cf6e27ae0f9aa04 # v1
permissions:
contents: read