From 6d6e6019a116933a92b20091e597eaf835104714 Mon Sep 17 00:00:00 2001
From: Pankaj
Date: Fri, 20 Sep 2024 02:03:55 +0530
Subject: [PATCH] feat(SEC-1211): update semgrep version (#154)

* feat(SEC-1211): update semgrep version
* Add a new entry for the Semgrep action under the docker ecosystem Specify the directory as /security-actions/semgrep to ensure that Dependabot monitors changes to the Semgrep Docker image The commit-message section uses the prefix semgrep and includes the scope to make it clear in the PR message Dependabot version updates does not support docker:// hence remove the use of this URI Ref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#github-actions
* syntax fix
* syntax fix
* syntax fix
* syntax fix
* test
* test
* removed the semgrep package-ecosystem
---------
Co-authored-by: saisatishkarra
---
 .github/dependabot.yml | 2 +-
 security-actions/semgrep/action.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b55a4ce0..681e93ba 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -72,4 +72,4 @@ updates:
 interval: "daily"
 commit-message:
 prefix: "github-actions"
- include: "scope"
+ include: "scope"
\ No newline at end of file
diff --git a/security-actions/semgrep/action.yml b/security-actions/semgrep/action.yml
index a1ece931..8f9695f3 100644
--- a/security-actions/semgrep/action.yml
+++ b/security-actions/semgrep/action.yml
@@ -27,12 +27,12 @@ runs:
 steps:
 - name: SAST Scan
- uses: docker://returntocorp/semgrep
+ uses: docker://returntocorp/semgrep:1.86.0
 id: semgrep
 continue-on-error: true
 with:
 args: "semgrep ci --config auto --sarif -o semgrep_${{github.sha}}.sarif --no-autofix ${{ inputs.additional_config }}"
-
+ # Upload grype cve reports
 - name: Upload Semgrep SARIF to Workflow
 if: always()
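Review bot: The only change left in the .github/dependabot.yml hunk is the loss of the file's final newline — `include: "scope"` is removed and re-added byte-identical, followed by `\ No newline at end of file`. Given the commit message says the semgrep package-ecosystem entry was added and then removed again, this looks like editing residue rather than an intended change, and yamllint's `new-line-at-end-of-file` rule will flag it. Restoring the trailing newline before merge makes this hunk disappear and keeps the dependabot.yml diff limited to real configuration changes.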