Skip to content

Commit

Permalink
Test semgrep
Browse files Browse the repository at this point in the history
  • Loading branch information
milkrage committed Oct 18, 2024
1 parent 4b87dd2 commit 3b898ad
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/secure.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
security-events: write
steps:
- uses: actions/checkout@v4
- run: semgrep scan --sarif --output=semgrep.sarif --error --severity=WARNING
- run: semgrep scan --sarif --output=semgrep.sarif --severity=ERROR
env:
SEMGREP_RULES: >-
p/command-injection
Expand All @@ -41,7 +41,7 @@ jobs:
p/security-audit
p/sql-injection
p/xss
- uses: github/codeql-action/upload-sarif@v3
- uses: github/codeql-action/upload-sarif@v3.25.11
with:
sarif_file: semgrep.sarif
if: always()
Expand Down
21 changes: 21 additions & 0 deletions GNUmakefile
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,25 @@ ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
endif
@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)

semgrep:
docker run --rm -v ${PWD}:/app:ro -w /app semgrep/semgrep semgrep scan --error --metrics=off \
--config=p/command-injection \
--config=p/comment \
--config=p/cwe-top-25 \
--config=p/default \
--config=p/gitlab \
--config=p/gitleaks \
--config=p/golang \
--config=p/gosec \
--config=p/insecure-transport \
--config=p/owasp-top-ten \
--config=p/r2c-best-practices \
--config=p/r2c-bug-scan \
--config=p/r2c-security-audit \
--config=p/secrets \
--config=p/security-audit \
--config=p/sql-injection \
--config=p/xss \
.

.PHONY: golangci-lint build test testacc fmt test-compile website website-test

0 comments on commit 3b898ad

Please sign in to comment.