From 5737019e4b2d461a0b849d7b6d51cdf6c0659457 Mon Sep 17 00:00:00 2001 From: "pkanoongo@turo.com" Date: Tue, 10 Dec 2024 16:18:16 -0600 Subject: [PATCH] fix(static-analysis): implementing the fix provided by semgrep team --- static-analysis/semgrep/README.md | 16 ++++++++-------- static-analysis/semgrep/action.yaml | 26 +++++++++++++------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/static-analysis/semgrep/README.md b/static-analysis/semgrep/README.md index 9ae4858..dc4472d 100644 --- a/static-analysis/semgrep/README.md +++ b/static-analysis/semgrep/README.md @@ -4,7 +4,7 @@ ## Description -GitHub Action that scans code changes being made and posts security findings in form of comments on pull requests +Github Action that scans code changes being made and posts security findings in form of comments on pull requests @@ -13,17 +13,17 @@ GitHub Action that scans code changes being made and posts security findings in ```yaml - uses: @ with: - semgrep-app-token: - # Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard - # - # Required: true - # Default: "" - checkout-repo: - # Perform checkout as the first step + # Perform checkout as first step # # Required: false # Default: true + + semgrep-app-token: + # SemGrep API token to be added to repo that allows to pull latest rule config from ruleboard in Semgrep UI + # + # Required: true + # Default: "" ``` diff --git a/static-analysis/semgrep/action.yaml b/static-analysis/semgrep/action.yaml index f97080a..d0d5c98 100644 --- a/static-analysis/semgrep/action.yaml +++ b/static-analysis/semgrep/action.yaml @@ -1,19 +1,19 @@ name: Run static code analysis -description: GitHub Action that scans code changes being made and posts security findings in form of comments on pull requests +description: Github Action that scans code changes being made and posts security findings in form of comments on pull requests inputs: - semgrep-app-token: - required: true - description: Semgrep API token to pull the latest rule configuration from Semgrep's ruleboard checkout-repo: - description: Perform checkout as the first step + description: Perform checkout as first step required: false default: "true" - + semgrep-app-token: + required: true + description: SemGrep API token to be added to repo that allows to pull latest rule config from ruleboard in Semgrep UI runs: - using: docker - image: docker://semgrep/semgrep:latest-nonroot - entrypoint: semgrep - args: - - ci - env: - SEMGREP_USER_HOME: /tmp + using: composite + image: semgrep/semgrep:latest-nonroot + steps: + - name: Checkout + if: ${{inputs.checkout-repo == 'true'}} + uses: actions/checkout@v4 + - run: semgrep ci + shell: bash