feat(SEC-1211): update semgrep version (#154)

* feat(SEC-1211): update semgrep version * Add a new entry for the Semgrep action under the docker ecosystem Specify the directory as /security-actions/semgrep to ensure that Dependabot monitors changes to the Semgrep Docker image The commit-message section uses the prefix semgrep and includes the scope to make it clear in the PR message Dependabot version updates does not support docker:// hence remove the use of this URI Ref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#github-actions * syntax fix * syntax fix * syntax fix * syntax fix * test * test * removed the semgrep package-ecosystem --------- Co-authored-by: saisatishkarra <[email protected]>
Kong · Sep 19, 2024 · 6d6e601 · 6d6e601
1 parent d379af8
commit 6d6e601
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -72,4 +72,4 @@ updates:
       interval: "daily"
     commit-message:
       prefix: "github-actions"
-      include: "scope"
+      include: "scope"
diff --git a/security-actions/semgrep/action.yml b/security-actions/semgrep/action.yml
@@ -27,12 +27,12 @@ runs:
   steps:
 
     - name: SAST Scan
-      uses: docker://returntocorp/semgrep
+      uses: docker://returntocorp/semgrep:1.86.0
       id: semgrep
       continue-on-error: true
       with:
         args: "semgrep ci --config auto --sarif -o semgrep_${{github.sha}}.sarif --no-autofix ${{ inputs.additional_config }}"
-    
+
     # Upload grype cve reports
     - name: Upload Semgrep SARIF to Workflow
       if: always()