From 2b74077d1edf9003d6a7cb925adb78dcafb0ea09 Mon Sep 17 00:00:00 2001
From: "pkanoongo@turo.com" <pkanoongo@turo.com>
Date: Tue, 10 Dec 2024 16:09:15 -0600
Subject: [PATCH] fix(static-analysis): implementing the fix provided by
 semgrep team

---
 static-analysis/semgrep/README.md   | 14 +++++++-------
 static-analysis/semgrep/action.yaml | 22 ++++++++++------------
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/static-analysis/semgrep/README.md b/static-analysis/semgrep/README.md
index f1b4a51..9ae4858 100644
--- a/static-analysis/semgrep/README.md
+++ b/static-analysis/semgrep/README.md
@@ -13,17 +13,17 @@ GitHub Action that scans code changes being made and posts security findings in
 ```yaml
 - uses: @
   with:
-    checkout-repo:
-    # Perform checkout as first step
-    #
-    # Required: false
-    # Default: true
-
     semgrep-app-token:
-    # SemGrep API token to be added to repo that allows pulling the latest rule config from ruleboard in Semgrep UI
+    # Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard
     #
     # Required: true
     # Default: ""
+
+    checkout-repo:
+    # Perform checkout as the first step
+    #
+    # Required: false
+    # Default: true
 ```
 <!-- action-docs-usage source="action.yaml" -->
 
diff --git a/static-analysis/semgrep/action.yaml b/static-analysis/semgrep/action.yaml
index 548d04b..a4044e0 100644
--- a/static-analysis/semgrep/action.yaml
+++ b/static-analysis/semgrep/action.yaml
@@ -1,19 +1,17 @@
 name: Run static code analysis
 description: GitHub Action that scans code changes being made and posts security findings in form of comments on pull requests
 inputs:
+  semgrep-app-token:
+    required: true
+    description: Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard
   checkout-repo:
-    description: Perform checkout as first step
+    description: Perform checkout as the first step
     required: false
     default: "true"
-  semgrep-app-token:
-    required: true
-    description: SemGrep API token to be added to repo that allows pulling the latest rule config from ruleboard in Semgrep UI
+
 runs:
-  using: composite
-  image: semgrep/semgrep:latest-nonroot
-  steps:
-    - name: Checkout
-      if: ${{ inputs.checkout-repo == 'true' }}
-      uses: actions/checkout@v4
-    - run: semgrep ci
-      shell: bash
+  using: docker
+  image: docker://semgrep/semgrep:latest-nonroot
+  entrypoint: semgrep
+  args:
+    - ci