fix(static-analysis): implementing the fix provided by semgrep team

open-turo · Dec 10, 2024 · 5737019 · 5737019
1 parent 234ff64
commit 5737019
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/static-analysis/semgrep/README.md b/static-analysis/semgrep/README.md
@@ -4,7 +4,7 @@
 <!-- action-docs-description source="action.yaml" -->
 ## Description
 
-GitHub Action that scans code changes being made and posts security findings in form of comments on pull requests
+Github Action that scans code changes being made and posts security findings in form of comments on pull requests
 <!-- action-docs-description source="action.yaml" -->
 
 <!-- action-docs-usage source="action.yaml" -->
@@ -13,17 +13,17 @@ GitHub Action that scans code changes being made and posts security findings in
 ```yaml
 - uses: @
   with:
-    semgrep-app-token:
-    # Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard
-    #
-    # Required: true
-    # Default: ""
-
     checkout-repo:
-    # Perform checkout as the first step
+    # Perform checkout as first step
     #
     # Required: false
     # Default: true
+
+    semgrep-app-token:
+    # SemGrep API token to be added to repo that allows to pull latest rule config from ruleboard in Semgrep UI
+    #
+    # Required: true
+    # Default: ""
 ```
 <!-- action-docs-usage source="action.yaml" -->
 

diff --git a/static-analysis/semgrep/action.yaml b/static-analysis/semgrep/action.yaml
@@ -1,19 +1,19 @@
 name: Run static code analysis
-description: GitHub Action that scans code changes being made and posts security findings in form of comments on pull requests
+description: Github Action that scans code changes being made and posts security findings in form of comments on pull requests
 inputs:
-  semgrep-app-token:
-    required: true
-    description: Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard
   checkout-repo:
-    description: Perform checkout as the first step
+    description: Perform checkout as first step
     required: false
     default: "true"
-
+  semgrep-app-token:
+    required: true
+    description: SemGrep API token to be added to repo that allows to pull latest rule config from ruleboard in Semgrep UI
 runs:
-  using: docker
-  image: docker://semgrep/semgrep:latest-nonroot
-  entrypoint: semgrep
-  args:
-    - ci
-  env:
-    SEMGREP_USER_HOME: /tmp
+  using: composite
+  image: semgrep/semgrep:latest-nonroot
+  steps:
+    - name: Checkout
+      if: ${{inputs.checkout-repo == 'true'}}
+      uses: actions/checkout@v4
+    - run: semgrep ci
+      shell: bash