Update semgrep.yml

.github/workflows/semgrep.yml

@@ -1,24 +1,31 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
 on:
-  workflow_dispatch: {}
+  # Scan changed files in PRs (diff-aware scanning):
   pull_request: {}
-  push:
-    branches:
-    - main
-    - master
-    paths:
-    - .github/workflows/semgrep.yml
-  schedule:
-  # random HH:MM to avoid a load spike on GitHub Actions at 00:00
-  - cron: 26 11 * * *
-name: Semgrep
+
 jobs:
   semgrep:
+    # User definable name of this GitHub Actions job.
     name: semgrep/ci
-    runs-on: ubuntu-20.04
-    env:
-      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+    # If you are self-hosting, change the following `runs-on` value:
+    runs-on: ubuntu-latest
+
     container:
-      image: returntocorp/semgrep
+      # A Docker image with Semgrep installed. Do not change this.
+      image: semgrep/semgrep
+
+    # Skip any PR created by dependabot to avoid permission issues:
+    if: (github.actor != 'dependabot[bot]')
+
     steps:
-    - uses: actions/checkout@v4
-    - run: semgrep ci
+      # Fetch project source with GitHub Actions Checkout. Use either v3 or v4.
+      - uses: actions/checkout@v4
+      # Run the "semgrep ci" command on the command line of the docker image.
+      - run: semgrep ci
+        env:
+          # Connect to Semgrep AppSec Platform through your SEMGREP_APP_TOKEN.
+          # Generate a token from Semgrep AppSec Platform > Settings
+          # and add it to your GitHub secrets.
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}