From be2f69ff3b49f02433216d603effc89207f1a9aa Mon Sep 17 00:00:00 2001
From: naveen-s-rzp
Date: Fri, 31 May 2024 14:35:43 +0530
Subject: [PATCH] new workflow for ruleset
---
.github/workflows/semgrep_scan.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 .github/workflows/semgrep_scan.yml
diff --git a/.github/workflows/semgrep_scan.yml b/.github/workflows/semgrep_scan.yml
new file mode 100644
index 0000000..4260176
--- /dev/null
+++ b/.github/workflows/semgrep_scan.yml
@@ -0,0 +1,22 @@
+name: Semgrep scan
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - edited
+
+jobs:
+ public-repo-job:
+ runs-on: ubuntu-latest
+ if: ${{ github.event.repository.private == false }}
+ container:
+ image: semgrep/semgrep
+ steps:
+ - uses: actions/checkout@v4.0.0
+ - name: run on public repo
+ run: semgrep ci &> /dev/null
+ env:
+ SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN_PUBLIC }}
\ No newline at end of file
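Review bot: The `run: semgrep ci &> /dev/null` step discards all scanner output, so a missing token, a network error or the findings themselves cannot be diagnosed from the job log. `&>` is also a bash extension: if the container's step shell turns out to be a POSIX `sh` (not confirmed from this patch), the line parses as `semgrep ci &` followed by a bare redirect, and the step would report success without waiting for the scan. If the suppression is deliberate because logs of a public repository are world-readable, say so in a comment above the step and use the portable form `run: semgrep ci > /dev/null 2>&1`. Pull requests from forks do not receive `secrets.SEMGREP_APP_TOKEN_PUBLIC`, so those runs proceed without the token and any resulting failure is equally invisible. Separately, `image: semgrep/semgrep` floats on the default tag while the job holds that secret; pinning it to a digest (`image: semgrep/semgrep@sha256:<digest>`) and adding a top-level `permissions:` block with `contents: read` would narrow what a changed image or action can reach.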